Skip to content
This repository has been archived by the owner on Nov 10, 2020. It is now read-only.

AEGEE/oms-loginservice

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits

assets

assets

 
 

config

config

 
 

docker

docker

 
 

frontend

frontend

 
 

lib

lib

 
 

priv

priv

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

README.md

README.md

 
 

TODO

TODO

 
 

coveralls.json

coveralls.json

 
 

mix.exs

mix.exs

 
 

mix.lock

mix.lock

 
 

package-lock.json

package-lock.json

 
 

startstuff

startstuff

 
 

Repository files navigation

Build Status

Loginservice

This should be the login server of a microservice application. The login server has at it's core a tiny user db with just username, email and password and a token system. The API can be found here

Token system

The token system is based on two types of tokens,

  • Short-lived Access Tokens which enable access to all services of the ms architecture
  • Long-lived Refresh Tokens which are only used to obtain new access tokens

An access token with a TTL of about 30 minutes can be verified cryptographically without db access in any service under knowledge of a common secret, which has to be injected into every service. Also it carries the user name and the email as basic user data, which can be used in the UI without the need for contacting a db or any other microservice. After their expiry, the frontend has to renew the session by using the refresh token to obtain a new access token. The refresh token is additionally stored in a db to enable manual revocation and increase the security of that token type. Effectively, revocation thus needs a TTL of an access token until it takes effect.

Aquiring a refresh token is not possible without logging in again, so every week the user will have to input his password again. This could theoretically be modified to enable infinite login, for security purposes we decided against that.

Registration

Also, the Loginservice provides a registration frontend to unregistered users. For this, we use the notion of recruitment campaigns, where a campaign can be registered with the loginserver including custom questions to the user. After successful registration including email confirmation, a callback stored in the campaign will be triggered to forward registration data to another microservice and enable processing there. Each registration campaign has a custom link, calling the link will trigger questions specific to that registration campaign. Maybe we will provide a default campaign.

After submitting to a registration campaign, an email will be sent to the user where he has to confirm by clicking on a link.

Password forgotten

By entering your username or email it is possible to send a password reset link. On this link the user will be able to reset his password.

About

A login and signup service for a microservice architecture

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Elixir 87.3%
  • JavaScript 6.8%
  • HTML 5.6%
  • Other 0.3%