
Auth example



  • OHAP: OpenHotel Auth Protocol

This project is a functional, secure reference for people who want to implement their own auth method following the OHAP.

How to run the project

Dependencies

  • Install deno >= 1.44

Start project

  • Run deno task start

OHAP Schema

  • Client tries to join OH
  • OH calls Auth with /create-ticket with a redirectUrl and ticketKey
  • OH returns ticketId + authUrl to client
  • Client travels to authUrl
  • Client calls /login with ticketId and their credentials
    • or Client calls /refresh-token with ticketId and sessionId + refreshToken
  • Auth sends client sessionId + token and redirectUrl
  • Client travels to redirectUrl
  • Client calls OH with sessionId + token + ticketId
  • OH calls Auth with /claim-session with sessionId + token + ticketId + ticketKey
  • OH confirms Client identity
  • Client now is happy

How OHAP works

Configure OpenHotel config.yml file with:

...
auth:
  # Redirects user to client url
  redirectUrl: https://client.openhotel.club
  # Auth website
  url: https://auth.openhotel.club
  # Auth service url (it will call /create-ticket and /claim-session)
  api: https://auth.openhotel.club/api/v2/server
...

POST /create-ticket

// Server side

Request:
{
  "redirectUrl": "string",
  "ticketKey": "string"
}
  • redirectUrl redirects user when login is fulfilled
  • ticketKey is a random string generated by the server to verify the identity of the server and the ticket origin. This key cannot be exposed to users.
Response:
{
  "status": 200,
  "data": {
    "ticketId": "string"
  }
}
  • ticket duration needs to be 2 hours
  • ticket is destroyed when the login (or refresh-session) request is fulfilled

POST /login

// Client side

Request:
{
  "ticketId": "string",
  
  "email": "string",
  "password": "string"
}
Response:
{
  "status": 200,
  "data": {
    "redirectUrl": "string",
    
    "sessionId": "string",
    "token": "string",
    //Optional
    "refreshToken": "string"
  }
}
  • ticketId duration changes to 5 minutes
  • (sessionId + token) duration would be 5 minutes
  • (sessionId + refreshToken) duration would be 7 days
  • Redirect user to redirectUrl

POST /claim-session

// Server side

Request:
{
  "ticketId": "string",
  "ticketKey": "string",
  
  "sessionId": "string",
  "token": "string"
}
Response:
{
  "status": 200,
  "data": {
    "accountId": "string",
    "username": "string"
  }
}
  • ticketId is destroyed
  • token is destroyed

POST /register

// Client side

Request:
{
  "email": "string",
  "username": "string",
  "password": "string"
}
Response:
{
  "status": 200
}

Optional:

POST /refresh-session

// Client side

Request:
{
  "ticketId": "string",
  
  "sessionId": "string",
  "refreshToken": "string"
}
Response:
{
  "redirectUrl": "string",
  
  "token": "string",
  "refreshToken": "string"
}
  • ticketId is destroyed
  • sessionId is still the same
  • (sessionId + token) duration would be 5 minutes
  • (sessionId + refreshToken) duration would be 7 days
  • Redirect user to:

    redirectUrl?ticketId=ticketId&sessionId=sessionId&token=token
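The following is an added example, not code from the openhotel/auth-example project: an in-memory model of the whole OHAP lifecycle described above (/create-ticket, /login, /refresh-session, /claim-session) with the durations the README states. The class name OhapAuthService, the injected clock, id generator and credential check, and the sample account are assumptions for illustration. One deliberate choice is labelled in the code: after /refresh-session the ticket is kept alive for the same 5-minute window as after /login, so that the /claim-session step in the redirect can still consume it.

```typescript
// Added example: in-memory OHAP ticket/session state machine (not the project's own code).
const MINUTE = 60_000;
const HOUR = 60 * MINUTE;
const DAY = 24 * HOUR;
// Durations taken from the README.
const TICKET_TTL = 2 * HOUR;             // after /create-ticket
const TICKET_TTL_AFTER_LOGIN = 5 * MINUTE;
const TOKEN_TTL = 5 * MINUTE;            // sessionId + token
const REFRESH_TOKEN_TTL = 7 * DAY;       // sessionId + refreshToken

type Ticket = { redirectUrl: string; ticketKey: string; expiresAt: number; sessionId?: string };
type Session = { accountId: string; username: string; token?: string; tokenExpiresAt: number; refreshToken?: string; refreshExpiresAt: number };
type Account = { accountId: string; username: string };
type Issued = { redirectUrl: string; sessionId: string; token: string; refreshToken: string };
type Reply<T> = { status: number; data?: T };

// Constant-time comparison so a wrong ticketKey/token does not leak its length of match via timing.
function safeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

class OhapAuthService {
  private tickets = new Map<string, Ticket>();
  private sessions = new Map<string, Session>();

  constructor(
    // Clock and id generator are injected so the flow is testable; a real service must
    // draw every id/token from a CSPRNG (e.g. crypto.randomUUID()), never a counter.
    private readonly now: () => number,
    private readonly randomId: () => string,
    // Credential verification is delegated (a real service checks a password hash).
    private readonly verifyCredentials: (email: string, password: string) => Account | null,
  ) {}

  // Server side: OH registers a ticket. ticketKey stays between OH and Auth, never reaches the client.
  createTicket(req: { redirectUrl: string; ticketKey: string }): Reply<{ ticketId: string }> {
    const ticketId = this.randomId();
    this.tickets.set(ticketId, { ...req, expiresAt: this.now() + TICKET_TTL });
    return { status: 200, data: { ticketId } };
  }

  // Returns the ticket only if it exists and has not expired; expired tickets are purged.
  private liveTicket(ticketId: string): Ticket | undefined {
    const t = this.tickets.get(ticketId);
    if (!t) return undefined;
    if (t.expiresAt <= this.now()) { this.tickets.delete(ticketId); return undefined; }
    return t;
  }

  // Binds the session to the ticket, issues a fresh token + refreshToken and shrinks the ticket window.
  private issue(ticket: Ticket, sessionId: string, session: Session): Issued {
    const now = this.now();
    const token = this.randomId();
    const refreshToken = this.randomId();
    session.token = token;
    session.tokenExpiresAt = now + TOKEN_TTL;
    session.refreshToken = refreshToken;            // rotated on every issue, old one stops working
    session.refreshExpiresAt = now + REFRESH_TOKEN_TTL;
    ticket.sessionId = sessionId;
    ticket.expiresAt = now + TICKET_TTL_AFTER_LOGIN; // assumption: same 5-minute window after refresh
    this.sessions.set(sessionId, session);
    return { redirectUrl: ticket.redirectUrl, sessionId, token, refreshToken };
  }

  // Client side: /login
  login(req: { ticketId: string; email: string; password: string }): Reply<Issued> {
    const ticket = this.liveTicket(req.ticketId);
    if (!ticket) return { status: 404 };
    const account = this.verifyCredentials(req.email, req.password);
    if (!account) return { status: 401 };
    const session: Session = { ...account, tokenExpiresAt: 0, refreshExpiresAt: 0 };
    return { status: 200, data: this.issue(ticket, this.randomId(), session) };
  }

  // Client side: /refresh-session (sessionId is kept, token and refreshToken are renewed)
  refreshSession(req: { ticketId: string; sessionId: string; refreshToken: string }): Reply<Issued> {
    const ticket = this.liveTicket(req.ticketId);
    const session = this.sessions.get(req.sessionId);
    if (!ticket || !session) return { status: 404 };
    const ok = !!session.refreshToken && session.refreshExpiresAt > this.now()
      && safeEqual(session.refreshToken, req.refreshToken);
    if (!ok) return { status: 401 };
    return { status: 200, data: this.issue(ticket, req.sessionId, session) };
  }

  // Server side: /claim-session. All four values are checked; ticket and token are single-use.
  claimSession(req: { ticketId: string; ticketKey: string; sessionId: string; token: string }): Reply<Account> {
    const ticket = this.liveTicket(req.ticketId);
    const session = this.sessions.get(req.sessionId);
    if (!ticket || !session) return { status: 404 };
    const ok = safeEqual(ticket.ticketKey, req.ticketKey)
      && ticket.sessionId === req.sessionId
      && !!session.token && session.tokenExpiresAt > this.now()
      && safeEqual(session.token, req.token);
    if (!ok) return { status: 401 };
    this.tickets.delete(req.ticketId);  // ticketId is destroyed
    session.token = undefined;           // token is destroyed; refreshToken survives for /refresh-session
    return { status: 200, data: { accountId: session.accountId, username: session.username } };
  }
}

// Constructed walk-through of the schema with a fixed clock and sequential ids (demo only).
function runOhapFlow() {
  let clock = 1_700_000_000_000;
  let counter = 0;
  const auth = new OhapAuthService(
    () => clock,
    () => `id-${++counter}`,
    (email, password) => (email === "ana@example.com" && password === "correct horse")
      ? { accountId: "acc-1", username: "ana" } : null,   // constructed account
  );
  const ticketKey = "server-side-secret";                 // constructed, never sent to the client
  const ticket = auth.createTicket({ redirectUrl: "https://client.example/callback", ticketKey }).data!;
  const login = auth.login({ ticketId: ticket.ticketId, email: "ana@example.com", password: "correct horse" });
  if (login.status !== 200 || !login.data) throw new Error("login failed");
  clock += MINUTE;                                        // client comes back within the 5-minute window
  const claimReq = { ticketId: ticket.ticketId, ticketKey, sessionId: login.data.sessionId, token: login.data.token };
  const claim = auth.claimSession(claimReq);
  const replay = auth.claimSession(claimReq);             // must fail: ticket and token are gone
  return { claim, replayStatus: replay.status };
}

console.log(JSON.stringify(runOhapFlow()));
```

The two single-use rules are what make the redirect safe to carry in a URL: a replayed claim fails with 404 because the ticket no longer exists, and a stolen ticketId alone is useless to an attacker without the server-held ticketKey. Expired tickets are purged lazily on lookup, so an id created hours ago simply stops resolving.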
