oAuth2
The auth server is a node server that uses in the oAuth2 protocol. It currently allows for validating users through a username/password, an email adres or unique code (mostly used for voting, often send by letter) and e-mail. Optionally it allows for login through SMS.
Anonymous users are also 'logged in', usually through entering a postcode.
There are 5 available user roles per client. Admin panel is it's own client.
If admin of admin panel has access to all data available in the panel.
Role | Description |
|---|---|
Admin | Full rights to all user data and site content of the specific site. |
Editor | Full rights to all user data and site content of the specific site. |
Moderator | Full rights to all user data, no access to managing site content. |
Member | Rights to it's own data and content |
Anonymous | Minimal user data, for some application liking without logging in. |
openssl genrsa -out privatekey.pem 2048
openssl req -new -key privatekey.pem -out certrequest.csr
openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem
Put them in a dir called /certs. Code expects certs/privatekey.pem.
After generating the token the console outputs. If you miss this you can find this in the mysql table: unique_codes (should just be one row). This code will allow you to login with a unique token. After you will be asked. You can change the login options at the client screen.
Set the site Url en redirectUrl. Give the site a good name, they will see this in different login screens.
For instance grant or ...
Authorize url: APP_URL/dialog/authorize Access url: APP_URL/oauth/token
A rough admin panel was developed, but not being used since we use the openstad admin panel for this, a rough working version with views & routes can be found in the branch feature/rough-admin-panel
If you are run a dev environment without SSL, turn off secure cookies in .env
COOKIE_SECURE_OFF=yes
Last modified 4mo ago