authorbenj <benj@rse8.com>2022-12-24 00:43:38 -0800
committerbenj <benj@rse8.com>2022-12-24 00:43:38 -0800
commitc2268c285648ef02ece04de0d9df0813c6d70ff8 (patch)
treef84ec7ee42f97d78245f26d0c5a0c559cd35e89d /crates/secd/README.md
parentde6339da72af1d61ca5908b780977e2b037ce014 (diff)
refactor everything with more abstraction and a nicer interface
Diffstat (limited to 'crates/secd/README.md')
-rw-r--r--crates/secd/README.md54
1 files changed, 54 insertions, 0 deletions
diff --git a/crates/secd/README.md b/crates/secd/README.md
new file mode 100644
index 0000000..5786d0c
--- /dev/null
+++ b/crates/secd/README.md
@@ -0,0 +1,54 @@
+// maybe motif instead of thread?
+
+// Email Address validation example
+thread = start_thread(EmailAddressValidation, "b@g.com");
+thread = advance_thread(AddressValidation, token, code);
+session = complete_thread(thread.id);
+
+// Sms validation example
+thread = start_thread(SmsAddressValidation, "12133447460");
+thread = advance_thread(SmsAddressValidation, token, code);
+
+// New passphrase
+credential = create_credential(Passphrase, "b@g.com", "p4ssw0rd");
+thread = start_thread(Passphrase, "b@g.com", "p4ssw0rd");
+session = complete_thread(thread.id);
+
+// New Totp
+credential = create_credential(Totp);
+thread = start_thread(Totp, code);
+session = complete_thread(thread.id);
+
+// New OneTimeCodes
+credential = create_credential(OneTimeCode);
+thread = start_thread(OneTimeCodes, code);
+session = complete_thread(thread.id);
+
+// MFA example which requires totp after email
+thread = start_thread(Passphrase, "b@g.com", "p4ssw0rd");
+Thread { Proof: { credential: [totp] } }
+thread = advance_thread(Totp, code);
+session = complete_thread(thread.id);
+
+
+// REST entities
+Identity
+Credential
+Address
+Motif
+Session
+
+// example
+POST /api/auth/email-validation
+motif = start_motif(EmailAddress, "b@g.com", None)
+--> an email has been sent with this motif.id + code and stuff
+user clicks on email
+GET /api/auth/email-validation/complete?motif_id=1234
+session = complete_thread(motif_id)
+
+under the hood, it looks up the thread_id, sees that it belongs to an email validation, validates the email, creates a new identity if it's not already attached, creates a session and returns that session.
+
+GET /oidc/provider?state=123444 -- state validated by client
+POST /api/auth/oidc { data ... }
+motif = start_motif(Oidc, access_token, data)
+session = complete_motif(motif.id)