X-Git-Url: http://git.squeep.com/?p=squeep-indie-auther;a=blobdiff_plain;f=README.md;fp=README.md;h=b5e6fb28054706ab2654062300dbe4cca7431c28;hp=e37aea1d3e989dbc9147e864f9fe18c13f375869;hb=726cd980f0ed5588cfe8cbb2d994d5e4aef6e292;hpb=3c145bc590577c738df4d279744f3e2f9a250294 diff --git a/README.md b/README.md index e37aea1..b5e6fb2 100644 --- a/README.md +++ b/README.md 
@@ -12,23 +12,25 @@ A ```user``` is an entity known to this service, with a credential (currently a Authentication of a ```user``` is handled by either a [hashed password](https://en.wikipedia.org/wiki/Argon2) stored securely in one of the available database engines, or by optionally delegating to the host machine's [PAM subsystem](https://en.wikipedia.org/wiki/Pluggable_Authentication_Modules). PAM can be used to leverage, exempli gratia, LDAP integration for user authentication. -A ```profile``` is a URL (under control of a ```user```) which contents includes the necessary meta-data informing an application to contact this server for identification validation. Each ```user``` may have one or more ```profile```s. +A ```profile``` is a URL (under control of a ```user```) which contents includes the necessary meta-data informing an application to contact this service for identification validation. Each ```user``` may have one or more ```profile```s. Each ```profile``` may also be associated with a customizable list of additional [scopes](https://www.oauth.com/oauth2-servers/scope/) which may be added to any application client grant for convenience. An example of the user-interface when granting consent to a client application: ![Consent page](./documentation/media/consent-page.png) -A rudimentary ticket-sending UI is also available: -![Ticket Offer page](./documentation/media/ticket-page.png) - ## Resource Service Integration Other services (resources) may make calls to validate token grants by configuring a pre-shared secret, and authenticating to this server using [an HMAC-style bearer token scheme](https://git.squeep.com/?p=squeep-resource-authentication-module;a=blob_plain;f=README.md;hb=HEAD). ## Ticket Auth -This service can accept proffered [authentication tickets](https://indieweb.org/IndieAuth_Ticket_Auth). It will simply publish any proffered tickets for valid profiles to a configured AMQP/RabbitMQ queue for some other service to redeem and make use of. 
+This service can accept proffered [authentication tickets](https://indieweb.org/IndieAuth_Ticket_Auth). It will attempt to redeem any proffered tickets, then publish the resulting tokens to a configured AMQP/RabbitMQ queue for other services to make use of. If no AMQP server is configured, the ticket endpoint will be disabled and not advertised. + +Ensure the output of the script `bin/ticket-queue-profile.js` is executed on RabbitMQ server to install the needed queue profile. + +A rudimentary ticket-sending UI is also available: +![Ticket Offer page](./documentation/media/ticket-page.png) ## Architecture
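Review bot: In the Ticket Auth section, the added sentence "Ensure the output of the script `bin/ticket-queue-profile.js` is executed on RabbitMQ server" does not say how the script is invoked, what form its output takes, or with what privileges that output has to be applied on the broker. Spell out the invocation and the expected result so an operator can confirm the queue profile was installed. The same paragraph changes what is published to the queue from proffered tickets to the tokens obtained by redeeming them, so the README should say that the queue now carries usable tokens and that access to it should be limited to the services meant to consume them. Minor wording: "on RabbitMQ server" needs an article, and the reworded `profile` line still reads "which contents includes".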