core-ca-connector v0.1.2

Core-CA-Connector

Abstracts the Authentication mechanism between our ecosystem and a channel.

Deploy notes

When deploying on a new environment, remember to generate a new privateInfoToken for the config.

Features

• Handles the authentication flow for channels that have a channel description in our ecosystem.

Especially depends on:

• TLS authentication functionality.
• Redis, (for stateful business in authentication flows)

Shortcuts for MVP

To create this service as quick as possible TLS authentication functionality is repurposed to be used in a stateless manner. This is done in this matter because:

• it is not needed to rewrite the OAuth2 authentication mechanism.
• Library TLS code can be properly wrapped in a stateless flow.

Also the focus is on OAuth2 and is implemented first.

Implementation

To create a solution as quick as possible, the TLS authentication functionality is repurposed to be used in a stateless manner. Core-ca-connector offers three endpoints for the authentication flow:

Authentication flow:

• signin points the user to the external API permission page
• resolve (also called signedIn) gain the authentication code fro the external API and creates the channelaccount. Event proxy will have to follow up to notify channel
• waitConnected answer back to the user if about the success of the permission grant.