# uotp

**uotp** is a full-blown authentication and authorisation service made for microservices.
The basic idea is that every microservice has a long-term triple consisting of (name, realm, seed) and creates time-based tokens from it.
This essentially brings a simplified Kerberos to the web.

uotp has been created and is maintained by ungleich.

**Technologies Used**

* Flask
* PyOTP
* Etcd

## Installation

### Alpine

```shell
# Update and Upgrade
cat > /etc/apk/repositories << EOF
https://mirror.ungleich.ch/mirror/packages/alpine/edge/main
https://mirror.ungleich.ch/mirror/packages/alpine/edge/community
https://mirror.ungleich.ch/mirror/packages/alpine/edge/testing
EOF

apk update
apk upgrade

# Install Dependencies
apk add python3 git etcd etcd-ctl py3-grpcio
curl https://raw.githubusercontent.com/etcd-io/etcd/release-3.4/etcd.conf.yml.sample -o /etc/etcd/conf.yml
pip3 install git+https://code.ungleich.ch/ungleich-public/uotp.git@master
service etcd start
```

Create `/etc/uotp/uotp.conf` with something like the following configuration:

```
BASE_PREFIX=/uotp/
ADMIN_REALM=ungleich-admin
AUTH_REALM=ungleich-auth
PORT=8000
```

Then run **uotp** with the following command:

```
uotp
```

## Usage

#### Get Admin Credentials

Run the following command in your uotp directory:

```shell
pipenv run python uotp/scripts/get-admin.py
```

#### Create Auth Account (or any account)

Run the following command in your uotp directory:

```shell
pipenv run python uotp/client.py create \
    --name auth --realm ungleich-auth \
    --admin-name admin --admin-realm ungleich-admin \
    --admin-seed admin_seed_here
```

In response, you get a JSON object containing the message and credentials of the newly created account.

#### List All Accounts with credentials

```shell
pipenv run python uotp/client.py list \
    --admin-name admin_name_here --admin-realm admin_realm_here \
    --admin-seed admin_seed_here
```

#### Verify OTP Credentials

```shell
pipenv run python uotp/client.py verify \
    --name user_name_here --realm user_realm_here \
    --seed user_seed_here --auth-name auth_name_here \
    --auth-realm auth_realm_here --auth-seed auth_seed_here
```

#### Delete OTP Account

TODO