Welcome to TNG Software - Identity server.
Admin
Let's test the OAuth2 login flow
TODOs:
I want to have a method of identifying a user by
- E-mail address
- Password (Secure level 1)
- Password + OTP (Secure level 2)
- Fullname
User information:
- RFC 7519
- https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
- We need to assign some roles to users / groups
TODO
Parts
We will be combining OAuth2 + OIDC. Info parts:
Some parts we need to create
- Default "Admin" user which has the right to create/destroy realms
- Default client application for managing a realm (registering clients)
- Default client application for managing account of user
Rights:
- Create Realm
- Delete Realm
- Create User in Realm
- Delete User in Realm
- Edit User in realm
- Edit own information
- Create Client in Realm
- Delete Client in Realm
- Edit Client in Realm
- Add connection to client in Realm
Client:
- When registering a client, the client developer SHALL:
  - specify the client type as described in Section 2.1 of RFC 6749 (confidential / public)
  - provide its client redirection URIs as described in Section 3.1.2 of RFC 6749 (a redirection endpoint, possibly with query parameters but without a fragment)
  - include any other information required by the authorization server (e.g., application name, website, description, logo image, the acceptance of legal terms).
- A Client Identifier is generated: (8-character internal id)
- A Client secret is generated: (24 random ASCII characters)
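A sketch of the client registration step above, as an added example and not the TNG identity server's own code: it draws the 8-character client id and the 24-character secret, rejects redirect URIs that are not absolute or that carry a fragment, issues no secret to public clients, and stores only a hash of the secret. The character alphabets, the loopback-only http exception and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Alphabets are assumptions; the notes only fix the lengths (8 and 24).
CLIENT_ID_ALPHABET = string.ascii_lowercase + string.digits
SECRET_ALPHABET = string.ascii_letters + string.digits + "-._~"

@dataclass
class Client:
    client_id: str              # 8-character internal id
    client_type: str            # "confidential" or "public" (RFC 6749 section 2.1)
    name: str
    redirect_uris: List[str]    # exact URIs the developer registered
    secret_hash: Optional[str]  # only a hash is stored, never the secret itself

def validate_redirect_uri(uri: str) -> bool:
    """Absolute URI, query allowed, fragment forbidden (RFC 6749 section 3.1.2)."""
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc or "#" in uri:
        return False
    if parts.scheme == "https":
        return True
    # Assumption: plain http only for loopback redirects used during development.
    return parts.scheme == "http" and parts.hostname in ("localhost", "127.0.0.1", "::1")

def register_client(name: str, client_type: str,
                    redirect_uris: List[str]) -> Tuple[Client, Optional[str]]:
    if client_type not in ("confidential", "public"):
        raise ValueError("client type must be confidential or public")
    if not redirect_uris or not all(validate_redirect_uri(u) for u in redirect_uris):
        raise ValueError("at least one valid redirect URI is required")
    client_id = "".join(secrets.choice(CLIENT_ID_ALPHABET) for _ in range(8))
    secret = None
    if client_type == "confidential":  # public clients cannot keep a secret, so none is issued
        secret = "".join(secrets.choice(SECRET_ALPHABET) for _ in range(24))
    secret_hash = hashlib.sha256(secret.encode()).hexdigest() if secret else None
    # The plaintext secret is returned once for display; only its hash is kept.
    return Client(client_id, client_type, name, list(redirect_uris), secret_hash), secret

def verify_client_secret(client: Client, presented: str) -> bool:
    presented_hash = hashlib.sha256(presented.encode()).hexdigest()
    return client.secret_hash is not None and hmac.compare_digest(client.secret_hash, presented_hash)

def redirect_uri_allowed(client: Client, requested: str) -> bool:
    return requested in client.redirect_uris  # exact match only, no prefix or wildcard
```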
Realms
The server is split into realms, so we can have multiple setups running next to each other.
There is a special realm "admin" which is used for the server administration and cannot be used for other resources/clients.
Default setup
- Realm: Admin
- User: admin@localhost
- Client: admin.id.tngserver.nl used to authenticate web admin users.
OAuth 2.0
Admin - Global
Admin - Realm