X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=README.md;h=b565597292063864df1f73328c810610e3988a5d;hb=4b7809255e4d2f07171963aacbe7488e93931da1;hp=e37aea1d3e989dbc9147e864f9fe18c13f375869;hpb=b0103b0d496262c438b40bc20304081dbfe41e73;p=squeep-indie-auther diff --git a/README.md b/README.md index e37aea1..b565597 100644 --- a/README.md +++ b/README.md 
@@ -12,23 +12,25 @@ A ```user``` is an entity known to this service, with a credential (currently a Authentication of a ```user``` is handled by either a [hashed password](https://en.wikipedia.org/wiki/Argon2) stored securely in one of the available database engines, or by optionally delegating to the host machine's [PAM subsystem](https://en.wikipedia.org/wiki/Pluggable_Authentication_Modules). PAM can be used to leverage, exempli gratia, LDAP integration for user authentication. -A ```profile``` is a URL (under control of a ```user```) which contents includes the necessary meta-data informing an application to contact this server for identification validation. Each ```user``` may have one or more ```profile```s. +A ```profile``` is a URL (under control of a ```user```) which contents includes the necessary meta-data informing an application to contact this service for identification validation. Each ```user``` may have one or more ```profile```s. Each ```profile``` may also be associated with a customizable list of additional [scopes](https://www.oauth.com/oauth2-servers/scope/) which may be added to any application client grant for convenience. An example of the user-interface when granting consent to a client application: ![Consent page](./documentation/media/consent-page.png) -A rudimentary ticket-sending UI is also available: -![Ticket Offer page](./documentation/media/ticket-page.png) - ## Resource Service Integration Other services (resources) may make calls to validate token grants by configuring a pre-shared secret, and authenticating to this server using [an HMAC-style bearer token scheme](https://git.squeep.com/?p=squeep-resource-authentication-module;a=blob_plain;f=README.md;hb=HEAD). ## Ticket Auth -This service can accept proffered [authentication tickets](https://indieweb.org/IndieAuth_Ticket_Auth). It will simply publish any proffered tickets for valid profiles to a configured AMQP/RabbitMQ queue for some other service to redeem and make use of. 
+This service can accept proffered [authentication tickets](https://indieweb.org/IndieAuth_Ticket_Auth). It will attempt to redeem any proffered tickets, then publish the resulting tokens to a configured AMQP/RabbitMQ queue for other services to make use of. If no AMQP server is configured, the ticket endpoint will be disabled and not advertised. + +Ensure the output of the script `bin/ticket-queue-profile.js` is executed on RabbitMQ server to install the needed queue profile. + +A ticket-sending UI is also available: +![Ticket Offer page](./documentation/media/ticket-page.png) ## Architecture
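Review bot: In the rewritten Ticket Auth paragraph, the queue now carries redeemed tokens instead of unredeemed tickets ("then publish the resulting tokens to a configured AMQP/RabbitMQ queue for other services to make use of"), but the README does not say how that queue should be protected. Any consumer able to read the queue now receives usable tokens, so suggest adding a sentence stating that the AMQP connection should be authenticated and encrypted and that read access to the queue should be limited to the intended services. The added line "Ensure the output of the script `bin/ticket-queue-profile.js` is executed on RabbitMQ server" is also unclear: it does not say what form the output takes, how it is meant to be run, or what privileges on the broker it needs, and "on RabbitMQ server" is missing an article. Finally, since the ticket endpoint is now disabled when no AMQP server is configured, it would help to say whether the ticket-sending UI moved into this section is affected by that setting as well.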