# oAuth2

The auth server is a Node server that implements the oAuth2 protocol. It currently allows for validating users through a username/password, an email address or a unique code (mostly used for voting, often sent by letter) and e-mail. Optionally it allows for login through SMS.\
Anonymous users are also 'logged in', usually through entering a postcode.

### User Roles

There are 5 available user roles per client. The admin panel is its own client.

An admin of the admin panel client has access to all data available in the panel.

| Role      | Description                                                         |
| --------- | ------------------------------------------------------------------- |
| Admin     | Full rights to all user data and site content of the specific site. |
| Editor    | Full rights to all user data and site content of the specific site. |
| Moderator | Full rights to all user data, no access to managing site content.   |
| Member    | Rights to its own data and content.                                 |
| Anonymous | Minimal user data, for some applications liking without logging in. |

### Generate certificates with openssl (used for signing JSON tokens)

```
openssl genrsa -out privatekey.pem 2048
openssl req -new -key privatekey.pem -out certrequest.csr
openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem
```

Put them in a directory called `certs`. The code expects `certs/privatekey.pem`.

### Login with token

After generating the token, the console outputs it. If you miss this, you can find it in the MySQL table `unique_codes` (there should be just one row). This code will allow you to log in with a unique token. After you will be asked. You can change the login options at the client screen.

## Integration with external sites

#### 1. Create a client in the mysql database.

Set the site Url and redirectUrl. Give the site a good name; users will see it in the different login screens.

#### 2. Use a NodeJS oAuth2 client to integrate

For instance grant or ...

Authorize url: APP\_URL/dialog/authorize\
Access url: APP\_URL/oauth/token

A rough admin panel was developed, but it is not being used since we use the openstad admin panel for this; a rough working version with views & routes can be found in the branch feature/rough-admin-panel.

## DEVELOPMENT

If you run a dev environment without SSL, turn off secure cookies in `.env` (with this set, the session cookie is also sent over plain HTTP, so it is meant for development only):

```
COOKIE_SECURE_OFF=yes
```
