.gitignore | ||
nameko1.py | ||
README.md | ||
requirements.txt |
ungleich-otp
The ungleich OTP service that allows you access to the ungleich micro service infrastructure.
We are using
- nameko for internal communication
- django for the DB + admin interface
Status
In development, pre production.
Usage: WEB
- No user interface (UI) supported (?) -> idea is to keep flow logic in ungleich-dynamicweb
Usage: BUS
RPC: verify(appid, token, appidtoverify, tokentoverify)
Verify whether the requesting app is authenticated. This is only allowed to be used for trusted appids.
POST: /verify
Not sure if this one will be publicly available.
{
version: "1",
appid: "your-app-uuid",
token: "current time based token",
appidtoverify: "appid that wants to be authenticated",
tokentoverify: "current time based token of appidtoverify",
}
Usage: REST
- Use an existing token to connect to the service
- All REST based messages: JSON
POST /app/register
Register a new app. Returns an app ID.
Request JSON object:
{ version: "1", appid: "your-app-uuid", token: "current time based token", username: "user this app belongs to", appname: "name of your web app" }
Response JSON object:
{ appid: "UUID of your app", }
GET /app
List all registered apps for the current user.
Request JSON object:
{ version: "1", appid: "your-app-uuid", token: "current time based token" }
Response JSON object:
[ { name: "name of your web app" appid: "UUID of your app", }, { name: "name of your second web app" appid: "UUID of your second app", } ]
GET /app/UUID
Get seed for APP to be used as a token
Request JSON object:
{ version: "1", appid: "your-app-uuid", token: "current time based token" }
Response JSON object:
{ seed: "seed of your app" }
Usage: OTP
The seeds that you receive can be used for TOTP to authenticate your apps.
Database
The database saves a list of appids with their seeds and the user assignments as well as whether the appid might use the BUS interface.
Fields:
- appname (name chosen by the user)
- appid (a random UUID)
- seed (a random base32 string)
- username (who this appid belongs to)
- trusted (boolean, whether app is allowed to use the BUS)