core-ca-connector
v0.1.2
Core service that handles the authentication mechanism of an external API
Core-CA-Connector
Abstracts the authentication mechanism between our ecosystem and a channel.
Deploy notes
When deploying to a new environment, remember to generate a new privateInfoToken for the config.
Features
- Handles the authentication flow for channels that have a channel description in our ecosystem.
Especially depends on:
- TLS authentication functionality.
- Redis (for stateful business in authentication flows).
Shortcuts for MVP
To create this service as quickly as possible, the TLS authentication functionality is repurposed to be used in a stateless manner. This is done this way because:
- The OAuth2 authentication mechanism does not need to be rewritten.
- Library TLS code can be properly wrapped in a stateless flow.
Also, the focus is on OAuth2, which is implemented first.
Implementation
To create a solution as quickly as possible, the TLS authentication functionality is repurposed to be used in a stateless manner. Core-ca-connector offers three endpoints for the authentication flow:
Authentication flow:
- signin: points the user to the external API permission page.
- resolve (also called signedIn): gains the authentication code from the external API and creates the channelaccount. Event proxy will have to follow up to notify the channel.
- waitConnected: answers back to the user about the success of the permission grant.
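
A sketch of how the three endpoints can bind the callback to the sign-in that started it, using a single-use, expiring state value. This is an added example, not code from this package: the Map stands in for Redis, and the authorize URL, TTL, status values and the `exchangeCode` callback are assumptions.

```javascript
// Added example, not the package's code. A Map stands in for Redis; every
// name other than signin/resolve/waitConnected is hypothetical.
const { randomBytes } = require('crypto');

const AUTHORIZE_URL = 'https://external-api.example/oauth/authorize'; // placeholder
const STATE_TTL_MS = 10 * 60 * 1000;                                  // assumed TTL
const pending = new Map(); // state -> { channelId, expires, status }

// signin: create an unguessable state value and point the user at the permission page.
function signin(channelId, now = Date.now()) {
  const state = randomBytes(32).toString('hex');
  pending.set(state, { channelId, expires: now + STATE_TTL_MS, status: 'pending' });
  const url = new URL(AUTHORIZE_URL);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('state', state);
  return { state, redirectTo: url.toString() };
}

// resolve (signedIn): accept the callback only for a known, unexpired, unused state.
function resolve(state, code, exchangeCode, now = Date.now()) {
  const entry = pending.get(state);
  if (!entry || entry.status !== 'pending' || entry.expires < now) {
    if (entry && entry.expires < now) pending.delete(state); // drop stale entries
    return { ok: false, reason: 'unknown, expired or replayed state' };
  }
  if (typeof code !== 'string' || code.length === 0) {
    entry.status = 'failed'; // e.g. the user declined the permission grant
    return { ok: false, reason: 'missing authorization code' };
  }
  const tokens = exchangeCode(code); // caller-supplied token exchange
  entry.status = 'connected';        // a second callback with this state is rejected
  return { ok: true, channelAccount: { channelId: entry.channelId, tokens } };
}

// waitConnected: report the outcome of the permission grant to the user.
function waitConnected(state) {
  const entry = pending.get(state);
  return entry ? entry.status : 'unknown';
}
```

With Redis, the expiry would normally be a key TTL, and the pending-to-connected transition should be atomic so that two concurrent callbacks cannot both succeed.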