211 lines
3.1 KiB
Markdown
211 lines
3.1 KiB
Markdown
# ungleich-otp
|
|
|
|
The ungleich OTP service that allows you access to the ungleich micro
|
|
service infrastructure.
|
|
|
|
We are using
|
|
|
|
- nameko for internal communication
|
|
- django for the DB + admin interface
|
|
|
|
## Status
|
|
|
|
In development, pre production.
|
|
|
|
## Usage: WEB
|
|
|
|
- No user interface (UI) supported (?)
|
|
-> idea is to keep flow logic in ungleich-dynamicweb
|
|
|
|
## Usage: BUS
|
|
|
|
### RPC: verify(appuuid, token, appuuidtoverify, tokentoverify)
|
|
|
|
Verify whether the requesting app is authenticated. This is only
|
|
allowed to be used for trusted appuuids.
|
|
|
|
Returns a JSON object:
|
|
|
|
Either
|
|
```
|
|
{
|
|
status: "OK"
|
|
}
|
|
```
|
|
|
|
OR
|
|
|
|
```
|
|
{
|
|
status: "FAIL"
|
|
}
|
|
```
|
|
|
|
|
|
|
|
## Usage: REST
|
|
|
|
- Use an existing token to connect to the service
|
|
- All REST based messages: JSON
|
|
|
|
### POST: /verify
|
|
|
|
Not sure if this one will be publicly available.
|
|
|
|
Request JSON object:
|
|
|
|
```
|
|
{
|
|
version: "1",
|
|
appuuid: "your-app-uuid",
|
|
token: "current time based token",
|
|
appuuidtoverify: "appuuid that wants to be authenticated",
|
|
tokentoverify: "current time based token of appuuidtoverify",
|
|
}
|
|
```
|
|
|
|
Response JSON object:
|
|
|
|
Either
|
|
```
|
|
{
|
|
status: "OK",
|
|
}
|
|
```
|
|
|
|
OR
|
|
|
|
```
|
|
{
|
|
status: "FAIL",
|
|
}
|
|
```
|
|
|
|
### POST /app/register
|
|
|
|
Register a new app. Returns an app ID.
|
|
|
|
Request JSON object:
|
|
|
|
{
|
|
version: "1",
|
|
appuuid: "your-app-uuid",
|
|
token: "current time based token",
|
|
username: "user this app belongs to",
|
|
appname: "name of your web app"
|
|
}
|
|
|
|
Response JSON object:
|
|
|
|
```
|
|
{
|
|
status: "OK",
|
|
appuuid: "UUID of your app",
|
|
}
|
|
```
|
|
|
|
OR
|
|
|
|
```
|
|
{
|
|
status: "FAIL",
|
|
error: "Reason for failure"
|
|
}
|
|
```
|
|
|
|
### GET /app
|
|
|
|
List all registered apps for the current user.
|
|
|
|
Request JSON object:
|
|
|
|
{
|
|
version: "1",
|
|
appuuid: "your-app-uuid",
|
|
token: "current time based token"
|
|
}
|
|
|
|
Response JSON object:
|
|
|
|
```
|
|
{
|
|
status: "OK",
|
|
apps: [
|
|
{
|
|
name: "name of your web app"
|
|
appuuid: "UUID of your app",
|
|
},
|
|
{
|
|
name: "name of your second web app"
|
|
appuuid: "UUID of your second app",
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
### GET /app/UUID
|
|
|
|
Get seed for APP to be used as a token
|
|
|
|
Request JSON object:
|
|
|
|
```
|
|
{
|
|
version: "1",
|
|
appuuid: "your-app-uuid",
|
|
token: "current time based token"
|
|
}
|
|
```
|
|
|
|
Response JSON object:
|
|
|
|
```
|
|
{
|
|
status: "OK",
|
|
seed: "seed of your app"
|
|
}
|
|
```
|
|
|
|
|
|
## Usage: OTP
|
|
|
|
The seeds that you receive can be used for TOTP to authenticate your
|
|
apps.
|
|
|
|
|
|
## Database
|
|
|
|
The database saves a list of appuuids with their seeds and the user
|
|
assignments as well as whether the appuuid might use the BUS interface.
|
|
|
|
Fields:
|
|
|
|
- appuuid (a random UUID)
|
|
- appname (name chosen by the user)
|
|
- username (who this appuuid belongs to)
|
|
- seed (a random base32 string)
|
|
- trusted (boolean, whether app is allowed to use the BUS and the
|
|
verify method)
|
|
|
|
|
|
## Environment / Configuration
|
|
|
|
- POSTGRES_USERNAME
|
|
- SECRET_KEY -- random
|
|
|
|
## Random notes / stuff
|
|
|
|
django.db.backends.postgresql
|
|
django.contrib.admin
|
|
|
|
DATABASES = {
|
|
'default': {
|
|
'ENGINE': 'django.db.backends.postgresql',
|
|
'NAME': 'mydatabase',
|
|
'USER': 'mydatabaseuser',
|
|
'PASSWORD': 'mypassword',
|
|
'HOST': '127.0.0.1',
|
|
'PORT': '5432',
|
|
}
|
|
}
|