# uotp

**uotp** is a full-blown authentication and authorisation service made for micro services.

The basic idea is that every micro service has a (long term) triple consisting of (name, realm, seed) and creates time based tokens. This essentially reworks the Kerberos idea in a simpler form for the web.

uotp has been created and is maintained by ungleich.

**Technologies Used**

* Flask
* PyOTP
* Etcd

## Installation

### Alpine

```shell
# Update and Upgrade
cat > /etc/apk/repositories << EOF
https://mirror.ungleich.ch/mirror/packages/alpine/edge/main
https://mirror.ungleich.ch/mirror/packages/alpine/edge/community
https://mirror.ungleich.ch/mirror/packages/alpine/edge/testing
EOF

apk update
apk upgrade

# Install Dependencies
apk add python3 git etcd etcd-ctl py3-grpcio
pip3 install pipenv

# Start etcd
# `service etcd start` does not work because of an issue in the etcd package,
# so start it directly
start-stop-daemon -b etcd

# Clone Repo
git clone https://code.ungleich.ch/ungleich-public/uotp.git
cd uotp

pipenv --three --site-packages
pipenv install
cp .env.sample .env
pipenv run python app.py
```

### Arch

```shell
# Install Dependencies
pacman -S python3 git
pamac build etcd
pip3 install pipenv

# Start etcd
systemctl start etcd

# Clone Repo
git clone https://code.ungleich.ch/ungleich-public/uotp.git
cd uotp

pipenv --three
pipenv install
cp .env.sample .env
pipenv run python app.py
```

By default, it runs on port `8000`.

## Usage

#### Get Admin Credentials

Run the following command in your uotp directory:

```shell
pipenv run python scripts/get-admin.py
```

#### Create Auth Account (or any account)

Run the following command in your uotp directory:

```shell
pipenv run python client.py create \
    --name auth --realm ungleich-auth \
    --admin-name admin --admin-realm ungleich-admin \
    --admin-seed admin_seed_here
```

In response, you get a JSON object containing the Message and Credentials of the newly created account.
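
To make the (name, realm, seed) idea from the introduction concrete, here is an added sketch (not uotp's own code) of deriving and checking a time-based token from a seed. It assumes RFC 6238 TOTP with HMAC-SHA1, 30-second steps and 6 digits, which are PyOTP's defaults; `totp`, `verify`, `ACCOUNTS` and the seed value are hypothetical names and constructed sample data.

```python
import base64
import hashlib
import hmac
import struct
import time


def totp(seed_b32, at, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1 (assumed parameters, see lead-in)."""
    key = base64.b32decode(seed_b32.upper())
    counter = struct.pack(">Q", max(int(at), 0) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# Constructed sample store keyed by (name, realm). The seed is the base32
# form of the RFC 6238 test secret; a real store would hold random seeds.
ACCOUNTS = {
    ("auth", "ungleich-auth"): base64.b32encode(b"12345678901234567890").decode(),
}


def verify(name, realm, token, now=None, window=1, step=30):
    """Accept a token for (name, realm) within +/- `window` time steps."""
    now = time.time() if now is None else now
    seed = ACCOUNTS.get((name, realm))
    if seed is None:
        return False  # unknown account: never fall back to a default seed
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(seed, now + drift * step, step)
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(expected.encode(), token.encode())
    return ok


if __name__ == "__main__":
    seed = ACCOUNTS[("auth", "ungleich-auth")]
    token = totp(seed, time.time())
    print(token, verify("auth", "ungleich-auth", token))
```

The long-term seed never travels with the request; only the short-lived token does, and it stops verifying once the clock moves past the accepted window.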

#### List All Accounts with credentials

```shell
pipenv run python client.py list \
    --admin-name admin_name_here --admin-realm admin_realm_here \
    --admin-seed admin_seed_here
```

#### Verify OTP Credentials

```shell
pipenv run python client.py verify \
    --name user_name_here --realm user_realm_here \
    --seed user_seed_here --auth-name auth_name_here \
    --auth-realm auth_realm_here --auth-seed auth_seed_here
```

#### Delete OTP Account