TokTok : an auth microservice as an API REST based on JWT (check the docs here)
co-demos/toktok

an open source authentication REST API microservice

PRESENTATION

TokTok is a microservice (a REST API) for user management and authentication, based on access and refresh JSON Web Tokens (JWT).


GOALS

  • a simple server to manage users and authorizations, based on JWT exchanges between client and server
  • the possibility to switch some extra features on/off: RSA encryption/decryption of forms, anonymous JWT, sending confirmation emails

DEVELOPERS


TECHNICAL POINTS

Tech stack

  • Language : Python 3.6... praise be...
  • Framework : Flask... minimalistic Python framework
  • API : Flask-RestPlus... integrated Swagger documentation, praise be noirbizarre...
  • Security : Flask-JWT-extended... JWT wrapper for Flask
  • Emailing : Flask-email... templating, sending, etc.
  • and more...

Features :

  • JWT (JSON Web Tokens) :

    • access and refresh tokens to secure the whole app
  • RSA encryption (optional)

    • RSA encryption : the server can send the client an RSA public key for client-side encryption of forms
    • RSA decryption : the server can decrypt forms (login/register) encrypted client-side with that public key
  • Users management :

    • login / register user
    • anonymous login (optional) : sends a JWT for anonymous use. The server can require it on routes carrying the @anonymous_required decorator, such as /login or /register
    • confirm email (optional in dev mode) : confirm the user by sending a (protected) confirmation link in an email
    • password forgotten : sends a (protected) link in an email redirecting to the new-password form
    • reset password from the client interface (protected)
  • Documentation

    • on all API endpoints with Swagger (and some patience from the developers)

Features TO DO :

  • user :
    • edit user (in progress)
    • edit email (protect the email update)

INSTALLATION WALKTHROUGH

LOCALLY

  • clone / fork the repo

     git clone https://github.com/co-demos/toktok.git
  • create a virtual environment for Python 3

     python3 -m venv venv
     source venv/bin/activate
     pip install --upgrade pip
     pip install -r requirements.txt
  • optional : create a secret config file config_prod.py in the folder ./auth_api, based on the example file. It holds secrets (the MONGO_URI credentials among others), so keep it out of version control

     cp ./auth_api/config_prod_example.py ./auth_api/config_prod.py
     nano ./auth_api/config_prod.py 
  • pay attention to the MONGO_URI variable, which depends on your local mongodb configuration...

    • The following is the standard URI connection scheme (from the mongo documentation):
       mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]
  • run the app in its default mode (without the possibility to send email) :

     python appserver.py
  • test the following URLs :

     http://localhost:4100/api/auth/documentation
     http://localhost:4100/api/usr/documentation

  • once you stop the app, deactivate your virtual environment if it is no longer needed

     deactivate

CLI OPTIONS

There are some options you can play with while running the service :

  • --mode : dev (default), dev_email, preprod, production
  • --host : the IP of your server (default : localhost)
  • --port : the port you want to run the app on (default : 4100)
  • --rsa : if you want to receive the forms RSA-encrypted and to serve the RSA public key (default : no)... protects the /login + /register + /password_forgotten + /reset_password endpoints
  • --anojwt : if you need to check the presence/validity of an "anonymous_jwt" in the request (default : no)... protects the /login + /register + /password_forgotten endpoints
  • --antispam : if you need to check the presence of an antispam field in the request (default : no)... protects the /login + /register + /password_forgotten endpoints
  • --antispam_val : if you need to check the validity of the content of the antispam field in the form sent by the client (default : "")

In practice :

  • you can run the app in dev mode (with the possibility to send email) :

     python appserver.py --mode=dev_email
  • you can choose to deactivate the integrated RSA decryption in the /login and /register endpoints

     python appserver.py --rsa=no
  • you can choose to activate the check for an anonymous JWT in the /login and /register endpoints

     python appserver.py --anojwt=yes
  • you can choose to activate the antispam in the /login and /register endpoints

     python appserver.py --antispam=yes --antispam_val=my-value
  • you can combine those options on the command line

     python appserver.py --anojwt=no --rsa=yes --mode=dev_email --antispam=yes
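As an added example (not TokTok's own code), the following ties together the JWT features listed above (access, refresh and anonymous tokens) and the request gate that the --anojwt / --antispam / --antispam_val options describe for /login, /register and /password_forgotten. HS256 is implemented on the standard library only (hmac, hashlib, json, base64), so it runs offline; SECRET_KEY, the "type" claim, the TTL values, the function names and the "antispam" form-field name are assumptions of this example, not names taken from the project.

```python
"""Access / refresh / anonymous JWTs and an --anojwt / --antispam style gate.
Added example on the standard library only; not TokTok's own code."""
import base64
import hashlib
import hmac
import json
import time

# Assumption: in a real deployment the key is loaded from config_prod.py, never hard-coded.
SECRET_KEY = b"example-only-replace-me"
ACCESS_TTL = 15 * 60          # assumed lifetime of an access token (seconds)
REFRESH_TTL = 7 * 24 * 3600   # assumed lifetime of a refresh token
ANON_TTL = 10 * 60            # assumed lifetime of an anonymous JWT


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(claims: dict, token_type: str, ttl: int, now=None) -> str:
    """Build an HS256 JWT; the 'type' claim separates access, refresh and anonymous tokens."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, type=token_type, iat=now, exp=now + ttl)
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(SECRET_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify(token: str, expected_type: str, now=None) -> dict:
    """Check structure, alg, signature, expiry and token type; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != "HS256":          # never trust the alg the token names (alg=none etc.)
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET_KEY, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(body_b64))
    now = int(time.time()) if now is None else now
    if int(payload.get("exp", 0)) <= now:
        raise ValueError("expired")
    if payload.get("type") != expected_type:  # a refresh token must not open an access-protected route
        raise ValueError("wrong token type: %s" % payload.get("type"))
    return payload


def login(user_id: str, now=None) -> dict:
    """What a successful login returns: a short-lived access token and a long-lived refresh token."""
    return {
        "access_token": mint({"sub": user_id}, "access", ACCESS_TTL, now),
        "refresh_token": mint({"sub": user_id}, "refresh", REFRESH_TTL, now),
    }


def refresh(refresh_token: str, now=None) -> str:
    """Exchange a valid refresh token for a fresh access token."""
    payload = verify(refresh_token, "refresh", now)
    return mint({"sub": payload["sub"]}, "access", ACCESS_TTL, now)


def anonymous_token(now=None) -> str:
    """Token handed to a not-yet-authenticated client so it may call /login or /register."""
    return mint({}, "anonymous", ANON_TTL, now)


def gate(headers: dict, form: dict, anojwt=False, antispam=False, antispam_val="", now=None):
    """Pre-checks in the spirit of --anojwt / --antispam. Returns (accepted, reason).
    The 'antispam' form-field name is an assumption of this example."""
    if anojwt:
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return False, "anonymous JWT missing"
        try:
            verify(auth[len("Bearer "):], "anonymous", now)
        except ValueError as exc:
            return False, "anonymous JWT rejected: %s" % exc
    if antispam:
        supplied = str(form.get("antispam", ""))
        # constant-time comparison so the expected value cannot be guessed byte by byte
        if not hmac.compare_digest(supplied.encode(), antispam_val.encode()):
            return False, "antispam value mismatch"
    return True, "ok"


if __name__ == "__main__":
    session = login("alice")
    print(verify(session["access_token"], "access"))
    print(gate({"Authorization": "Bearer " + anonymous_token()}, {"antispam": "my-value"},
               anojwt=True, antispam=True, antispam_val="my-value"))
```

Three points the gate enforces are worth noting: the "type" claim keeps a refresh token (or an anonymous one) from being presented on an access-protected route, the header's alg is pinned server-side rather than taken from the token, and the antispam value is compared in constant time.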

PRODUCTION

  • for now we are using the following configuration

    • droplet on digitalocean.com
    • ubuntu 18.04
    • 3 GB RAM / 2 CPUs
    • 60 GB disk
  • configure your server (user, firewall...) :

  • install mongodb :

  • install nginx :

  • install git on your server

    • cf : docs 1 - basically :
       sudo apt-get update
       sudo apt-get install git
       git --version
    • go to your directory and init git :
       git init . 
       git remote add origin https://github.com/co-demos/toktok.git
       git pull origin master

  • same steps as for the local installation (virtual env, install dependencies, config_prod.py file...)

  • test running the app in production mode (with the possibility to send email) :

     python appserver.py --mode=production
  • it is then necessary to set up a service on the server to run the app as a daemon. You could use supervisor for instance (check our snippets and walkthrough here)


INSPIRATIONS / BENCHMARK

  • we did not find a simple enough open source solution to the following problem : having a third-party service (on a remote server) able to serve reasonably secure tokens and manage users, so as to avoid building / re-inventing a custom authentication for login/register every time we work on an app...
  • moreover, being able to share users/credentials between multiple services
  • we looked at OAuth 2.0 (but it doesn't manage users per se), meteor-password (but it talks over websockets)...

CREDITS

TokTok's team thanks :

Contacts - maintenance :

