
team-auth's Introduction

SMS Hub for delegated authentication for your team using sideos

This repo is about getting rid of SMS one-time passwords (OTP) and making them available through a web-based dashboard. For authentication, you use a passwordless login with the sideos Wallet. It uses the new SSI technology to store credentials on a phone for logging in to a web service. SSI stands for Self-Sovereign Identity and is all about decentralized data in a web3 world. The example uses sideos for an easy start with SSI.

The idea came up when the team was forced to use two-factor authentication for all kinds of web applications while more than one person needs access to the account. Because it is not worth creating and paying for another user license just to have a backup in place, we wanted a secure fallback solution. For some reason, many web application providers simply force 2FA and don't think about the impact on business users.

See "SMS OTP Hub für Teams" at Raspi Lab for more information on how to build the SMS Hub with a Raspberry Pi and a GSM HAT.

Overview

Installation

The code is TypeScript, so you need Node.js installed on the Raspberry Pi. As a package manager we recommend yarn. We also use Redis as the session store. Because of the decentralized nature of SSI, we don't need a database to store user data: the credential used for the login also includes the data we need for our purpose.

Install the Code

Getting the repository: git clone [email protected]:rheikvaneyck/team-auth.git

Change to the new folder and install the npm packages:

cd team-auth
yarn install
touch .env 

Edit the .env file to add the environment variables (we will set the values later):

ACCESS_TOKEN=<API token>
SSI_SERVER='https://juno.sideos.io'
LOGIN_TEMPLATE_ID=<template id>
CALLBACK_URL=<server url>
DID_ISSUER=<did>

The values for the variables ACCESS_TOKEN, SSI_SERVER, LOGIN_TEMPLATE_ID, and DID_ISSUER are set based on information from the sideos account as described below.

The CALLBACK_URL variable points to the URL of the service, which is shown once you've started the server, e.g. as Server started at http://pi3p:9000.

Get a sideos Account

Go to sideos onboarding and:

  1. download the sideos app
  2. create an account at the console by following the instructions

Create Login Credentials

For SSI login you need to create verifiable credentials, which will be stored on the user's phone. sideos provides a template system which allows admins to create credentials for any possible use case. Templates are based on Credential Data Sets, which combine one or more Proofs:

  1. In Proofs, add a new proof. Give it a Name, create a new Type, e.g. 'email', and a Context, which is in the case of a simple string 'DataFeedItem'.
  2. In Credentials, create a new template. Create a new Credential type, e.g. 'User', and give it a Name. Choose the proof we just created.
  3. Note down the ID of the template we just created. This number goes into the .env file mentioned above as the LOGIN_TEMPLATE_ID variable.
  4. In Settings, go to Company Settings and set the Token, which goes into the .env file mentioned above as the ACCESS_TOKEN variable. The value for DID_ISSUER comes from the Company DID.

Put the values into the .env file.
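
One way to catch a half-filled .env before the server starts, as an added example that is not part of the team-auth code. The parser and the format rules (HTTPS for SSI_SERVER, a numeric LOGIN_TEMPLATE_ID, did:<method>:<id> for DID_ISSUER) are assumptions based on the steps above, and the sample values are constructed.

```typescript
// Added example (not from the team-auth repo); format rules are assumptions.
type EnvMap = { [key: string]: string };

const CHECKS: { [key: string]: [RegExp, string] } = {
  ACCESS_TOKEN: [/^\S+$/, "must be a single token without whitespace"],
  SSI_SERVER: [/^https:\/\/[^\s\/]+/, "must be an https:// URL"],
  LOGIN_TEMPLATE_ID: [/^\d+$/, "must be the numeric template ID"],
  CALLBACK_URL: [/^https?:\/\/[^\s\/]+/, "must be an http(s) URL"],
  DID_ISSUER: [/^did:[a-z0-9]+:\S+$/, "must look like did:<method>:<id>"],
};

// Minimal KEY=value parser: skips blank lines and # comments and strips one
// pair of surrounding quotes, as in SSI_SERVER='https://juno.sideos.io'.
function parseDotenv(text: string): EnvMap {
  const env: EnvMap = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (line.charAt(0) === "#" || eq < 1) continue;
    let value = line.slice(eq + 1).trim();
    const quoted = /^(['"])(.*)\1$/.exec(value);
    if (quoted) value = quoted[2];
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// Returns one message per problem; an empty array means the config is usable.
function validateEnv(env: EnvMap): string[] {
  const problems: string[] = [];
  for (const key of Object.keys(CHECKS)) {
    const [pattern, hint] = CHECKS[key];
    const value = env[key];
    if (value === undefined || value === "") problems.push(key + ": missing");
    else if (/^<.*>$/.test(value)) problems.push(key + ": placeholder not replaced");
    else if (!pattern.test(value)) problems.push(key + ": " + hint);
  }
  return problems;
}

// Constructed sample: template ID and DID are made-up values, token still unset.
const SAMPLE_ENV = [
  "ACCESS_TOKEN=<API token>",
  "SSI_SERVER='https://juno.sideos.io'",
  "LOGIN_TEMPLATE_ID=42",
  "CALLBACK_URL=http://pi3p:9000",
  "DID_ISSUER=did:example:123456789abcdefghi",
].join("\n");
const sampleProblems = validateEnv(parseDotenv(SAMPLE_ENV));
```

Calling validateEnv at startup and refusing to run when it returns anything keeps an unreplaced placeholder from being sent to the SSI server as a token.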

Get the Verifiable Credentials

The credentials can be created by an API call and sent to the user in different ways. The easiest way is just to click the button 'Test credentials' in the details of a template. It creates a credential which you can store on the phone and use for the login later. For the SSI credential part: That's it.

Install and run Redis

The session data is stored in Redis. For development purposes we don't secure Redis and assume it is only running locally, so we don't worry about exposing sensitive data to the evil parts of the world. Have a look at the Redis documentation to secure your configuration. To install Redis on a Raspberry Pi, run:

sudo apt update
sudo apt install redis
sudo systemctl start redis
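
Before moving beyond a local development setup, the Redis settings that matter here can be checked mechanically. The following is an added example, not code from this repo: it audits redis.conf text for the bind, protected-mode and requirepass directives, and the sample configurations are constructed.

```typescript
// Added example (not from the team-auth repo): audits redis.conf text for the
// settings that decide whether the session store is reachable off-host.
type Directives = { [name: string]: string[] };

// Parses "directive arg ..." lines; in this sketch the last occurrence wins.
function parseRedisConf(text: string): Directives {
  const conf: Directives = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.charAt(0) === "#") continue;
    const parts = line.split(/\s+/);
    conf[parts[0].toLowerCase()] = parts.slice(1);
  }
  return conf;
}

// 127.0.0.0/8 and ::1 are loopback. A leading "-" (Redis 6.2+) only means
// "ignore this address if it is unavailable", so it is stripped first.
function isLoopback(addr: string): boolean {
  const a = addr.replace(/^-/, "");
  return /^127\.\d+\.\d+\.\d+$/.test(a) || a === "::1";
}

function auditRedisConf(text: string): string[] {
  const conf = parseRedisConf(text);
  const bind = conf["bind"] || [];
  const pass = (conf["requirepass"] || []).join("").replace(/["']/g, "");
  // Without a bind directive Redis listens on every interface.
  const exposed = bind.length === 0 || bind.filter(isLoopback).length < bind.length;
  const protectedOff = (conf["protected-mode"] || ["yes"])[0] === "no";
  const findings: string[] = [];
  if (exposed) findings.push("bind: not limited to loopback; use 'bind 127.0.0.1 -::1'");
  if (protectedOff) findings.push("protected-mode: disabled; set 'protected-mode yes'");
  if (pass === "") findings.push("requirepass: no password for the default user");
  if (exposed && protectedOff && pass === "")
    findings.push("CRITICAL: sessions readable from the network without auth");
  return findings;
}

// Constructed samples: a loopback-only dev setup and a wide-open one.
const DEV_CONF = "bind 127.0.0.1 -::1\nprotected-mode yes\n";
const OPEN_CONF = "# constructed\nbind 0.0.0.0\nprotected-mode no\n";
const devFindings = auditRedisConf(DEV_CONF);   // only the missing password
const openFindings = auditRedisConf(OPEN_CONF); // all four findings
```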

Run it

Start the dev service: yarn start:dev

Open the server URL shown in the console in your browser, in our case http://pi3p:9000:

pi@pi3a:~/team-auth $ yarn start:dev
yarn run v1.22.19
$ nodemon src/index.ts
[nodemon] 2.0.20
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): src/**/*
[nodemon] watching extensions: ts,json
[nodemon] starting `ts-node ./src/index.ts src/index.ts`
Server started at http://pi3a:9000
Redis Client connected...
Redis Client ready
