Skip to content

thepont/moneypenny

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

137 Commits

__test__

__test__

 
 

app/test-utils

app/test-utils

 
 

auth

auth

 
 

util

util

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

circle.yml

circle.yml

 
 

index.js

index.js

 
 

jsconfig.json

jsconfig.json

 
 

package.json

package.json

 
 

properties.js

properties.js

 
 

tsd.json

tsd.json

 
 

Repository files navigation

moneypenny

moneypenny - Authentication Service

Circle CI Coverage Status

Moneypenny acts as an authentication service that offers multiple authentication strategies to a backend service and sends a JSON web token(JWT) encripted using a shared secret as a response.

Other services in the architecture should also know the shared secret allowing the token to be passed around in API calls to provide user information related to the request.

##Endpoints.

###/auth/details ####GET Returns the details for the current logged in user.

###/auth/jwt ####GET Returns a JWT of the current signed in users details This is a debug method that should be deleted from a production system or only allowed to be accessed by services

###/auth/local/login ####POST Publically accessable endpoint for local authentication, redirects the user to the last requested page or /auth/details if no page is found.

#####Params

  • username - username for the user to be authenticated
  • password - password for the user to be authenticated

###/auth/saml/login ####GET

SAML login route.

  • Redirects the user to the SAML Identity Provider server currently hardcoded to salesforce
  • After user is logged into SAML server user is redirected back to the authenitication service, and a session is established over SAML

###/auth/saml/login/callback ####POST

SAML callback *Callback URL for SAML, used by the SAML stratergy after the user has authenticated with the identity procider.

###/oauth2/authorization ####GET oAuth2 server authorization endpoint.

  • Endpoint is used to request that the server gives a user authorization via oAuth.
  • Returns a code to the client, that it will then send to the remote server.

###/oauth2/token ####POST oAuth2 token endpoint.

Called when the remote server requests a token from the server.

  • Remote server will POST the code it recived from the client during the authorization stage
  • Moneypenny returns a JWT to the remote server.
  • Remote server can then decode user details from JWT.

##MongoDB Collections.

###local_users A list of local users, use for a local authentication stratergy on moneypenny.

In the future a remote trusted server should be able to do a POST request with local user details and get a JWT as a response

###oauth_client_store A list of oAuth2 clients and their shared secrets (different shared secret from JWT)

###oauth_code_store A list of oAuth2 codes, this code is past via the web browser on an oAuth 2 request and is then used to request a token.

The tokens are also JWT currently and are encoded with the same key. although this should be different since they are seen by the web client.

###oauth_refresh_token

A list of refresh tokens that are used to refresh the oauth token when it expires.

###oauth_token

A list of the oAuth tokens that have been sent to the services, these tokens are also JWT, and therefor services that get access tokens from the service can decode user information from the access token, and pass the access tokens to other services.

###session_users

Users logged into sessions on the server, This list contains both SAML and Local users, and is the user encoded in the JWT.

About

Authentication Service

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages