THIS IS AN OLD REPOSITORY! Check new repositories
Microservice for Authentication: Restlike & Social.
The protocol is similar to Kerberos, having "main" and "micro" tokens.
This code is still in beta stage, so it should be used with care.
Still only Python 2.
- Use the
loginendpoints to get a
- Use the
microtoken to access the other microservices.
- Use the
maintoken to get a new
microtoken or logout.
- A micro token cannot be invalided besides by expiration time. So it must have a short life.
- The Vira-Lata keeps control of invalidated main token, so they can have longer lives. But the other microservices don't know if a main token was invalidated, so they should only accept micro tokens.
- Micro tokens cannot be used to get a new micro token. This would allow infinite renew. Only main tokens can be used for this purpose.
The tokens are JWTs. To sign them the Vira-Lata needs a private key. The other micro services need the public key.
The tokens have
username (username of the user),
type ("micro" or "main") and an
exp (expiration time) field.
$ python setup.py develop
If you are using Postgres:
$ pip install psycopg2
You will also need to generate an RSA key and place it in
The public key will be used by the other micro services to validate the tokens.
The password for the key file must be set in
Create the database and user, set them in
SQLALCHEMY_DATABASE_URI = 'postgresql://<user>:<password>@localhost/<database>'
$ python manage.py initdb
$ python manage.py run
This code should be OpenShift ready. So it should be possible to host it for free.
Using rhc (don't forget to set the URL for the used repository; maybe this one?):
rhc app create viralata python-2.7 postgresql-9.2 --from-code=<code-for-repo>
Looks like OpenShift Postgres is not doing Vacuum, so we do it with a cron job:
rhc cartridge add cron -a viralata
You will also need a
key file and a
You can use
settings/local_settings.openshift_example.py as an example for the second one.
Place both files in
~/app-root/data/, inside the OpenShift gear.
And, from inside the gear, using SSH, init the DB:
. $OPENSHIFT_PYTHON_DIR/virtenv/bin/activate ~/app-root/repo python manage.py -s $OPENSHIFT_DATA_DIR initdb
Needs a 'static' doc, but accessing the root of a hosted instance it's possible to see a Swagger doc.
If you are using Gmail to send forgot password e-mails, it's possible it will block sending them, by security restrictions. After the problem happened, you can unlock it here.