The ungleich OTP service
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Nico Schottelius 33ea51fa76 Begin to describe JSON objects 4 years ago
.gitignore + gitignore 4 years ago
README.md Begin to describe JSON objects 4 years ago
nameko1.py OTP get seed && verify token 4 years ago

README.md

ungleich-otp

The ungleich OTP service that allows you access to the ungleich micro service infrastructure.

We are using

  • nameko for internal communication
  • django for the DB + admin interface

Usage: WEB

  • No user interface (UI) supported (?) -> idea is to keep flow logic in ungleich-dynamicweb

Usage: BUS and REST

  • BUS: send
  • Authentication
  • Use an existing token to connect to the service
  • All REST based messages: JSON

POST /app/register

Register a new app. Returns an app ID.

Request JSON object:

{ appid: "your-app-uuid", token: "current time based token" name: "name of your web app" }

Response JSON object:

{ appid: "UUID of your app", }

GET /app

List all registered apps for the current user.

Request JSON object:

{ appid: "your-app-uuid", token: "current time based token" }

Response JSON object:

[ { name: "name of your web app" appid: "UUID of your app", }, { name: "name of your second web app" appid: "UUID of your second app", } ]

GET /app/UUID

Get seed for APP to be used as a token

Request JSON object:

{ appid: "your-app-uuid", token: "current time based token" }

Response JSON object:

{ seed: "seed of your app" }

Usage: OTP

The seeds that you receive can be used for TOTP to authenticate your apps.

Database

The database saves a list of appids with their seeds and the user assignments as well as whether the appid might use the BUS interface.

Fields:

  • appname (name chosen by the user)
  • appid (a random UUID)
  • seed (a random base32 string)
  • username (who this appid belongs to)
  • trusted (boolean, whether app is allowed to use the BUS)