# OAuth2

The auth server is a Node.js server that implements the OAuth2 protocol. It currently supports authenticating users with a username/password, an e-mail address, or a unique code (mostly used for voting, often sent by letter). Optionally it allows login through SMS.\
Anonymous users are also 'logged in', usually by entering a postcode.

### User Roles

There are 5 available user roles per client. The admin panel is its own client.

An admin of the admin panel client has access to all data available in the panel.

| Role      | Description                                                                 |
| --------- | --------------------------------------------------------------------------- |
| Admin     | Full rights to all user data and site content of the specific site.         |
| Editor    | Full rights to all user data and site content of the specific site.         |
| Moderator | Full rights to all user data, no access to managing site content.           |
| Member    | Rights to its own data and content.                                         |
| Anonymous | Minimal user data; used by some applications for e.g. liking without logging in. |

### Generate certificates with openssl (used for signing JSON Web Tokens)

```
openssl genrsa -out privatekey.pem 2048
openssl req -new -key privatekey.pem -out certrequest.csr
openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem
```

Put them in a directory called certs; the code expects certs/privatekey.pem. The second command prompts for the certificate subject, and the third issues a self-signed certificate that is valid for only 30 days unless you pass -days. Keep privatekey.pem out of version control: anyone holding it can mint tokens for any user and role.

### Login with token

After generating the token, the console outputs it. If you miss it, you can find it in the MySQL table unique\_codes (there should be just one row). This code allows you to log in with a unique token. Afterwards you will be asked. You can change the login options on the client screen.

## Integration with external sites

#### 1. Create a client in the MySQL database.

Set the siteUrl and redirectUrl. The redirectUrl must be the exact callback URL the site uses; the authorization code is only ever sent there. Give the site a good name, since users will see it in the various login screens.

#### 2. Use a Node.js OAuth2 client to integrate

For instance grant or ...

Authorize URL: APP\_URL/dialog/authorize\
Access (token) URL: APP\_URL/oauth/token

A rough admin panel was developed but is not in use, since the openstad admin panel is used for this instead. A rough working version with views and routes can be found in the branch feature/rough-admin-panel.

## DEVELOPMENT

If you run a dev environment without SSL, turn off secure cookies in .env. Only do this locally: without the Secure flag the session cookie is sent over plain HTTP and can be read by anyone on the network path.

```
COOKIE_SECURE_OFF=yes
```
