TanmoySG / wunder-identity-provider

ID Provider for Wunder Platform. Authentication & Authorization Server for all wunder products

Define logic for `Register` #3

Closed TanmoySG closed 2 years ago

TanmoySG commented 2 years ago

Define an operating logic for Registration through wunder Identity Provider.

TanmoySG commented 2 years ago

wIP-Registration-HighLevel-v1

Defined Registration Architecture

TanmoySG commented 2 years ago

Identity Structure Specifications

Identifiers - email (user provided) & uID (wIP Generated)

Credentials - email & password (SHA256 Hashed)

Identity Units

Identity Units are various information bits that are stored for each user. These are provided by the user.

Email, Name, Password (hash)

Authentication Units

These are various pieces of information, like tokens and IDs, that are used for Authentication, Authorization and Access. These are generated by the system.

uID, Admin Access Token, Core Service Configuration, Services Subscribed, Service Access Tokens

Complete Identity Structure

The following is a rough Identity Structure that will be implemented in wIP.

```
{
  "email" : <email> ,
  "user_uID" : <wIP Generated uID > ,
  "name" : <Name of User> ,
  "password" : <SHA-256 Hash of Password> ,
  "admin_access_token" : <wIP Provisioned Token> ,
  "services" : {
    "service_1" : {
      "service_ID" : < Same as uID> ,
      "service_name" : <Name of Service> ,
      "service_access_token" : <wIP Provisioned Token> ,
      "service_config" : <JSON describing a Initial Service Config, if any>
    },
    "service_2" : {
      "service_ID" : < Same as uID> ,
      "service_name" : <Name of Service> ,
      "service_access_token" : <wIP Provisioned Token> ,
      "service_config" : <JSON describing a Initial Service Config, if any>
    },
    ...
  }
}
```

Email is used as Primary Identifier for each user.

```
{
  "email1@test.com" : {
    "email" : <email> ,
    "user_uID" : <wIP Generated uID > ,
    "name" : <Name of User> ,
    "password" : <SHA-256 Hash of Password> ,
    "admin_access_token" : <wIP Provisioned Token> ,
    "services" : {
      "service_1" : {
        "service_ID" : < Same as uID> ,
        "service_name" : <Name of Service> ,
        "service_access_token" : <wIP Provisioned Token> ,
        "service_config" : <JSON describing a Initial Service Config, if any>
      },
      "service_2" : {
        "service_ID" : < Same as uID> ,
        "service_name" : <Name of Service> ,
        "service_access_token" : <wIP Provisioned Token> ,
        "service_config" : <JSON describing a Initial Service Config, if any>
      },
      ...
    }
  },
  "email2@test.com" : {...},
  "email3@test.com" : {...},
  ...
}
```
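
An added example, not from the issue or the wIP code base: building the email-keyed identity record described in the comment above, with the `password` field computed as the spec states (SHA-256) and, for comparison, with a salted scrypt hash. The uID and token formats, the email normalisation, and the names `register`, `add_service`, `scrypt_password`, `verify_scrypt` and `shared_password_is_visible` are assumptions.

```python
import hashlib
import hmac
import secrets

def sha256_password(password):
    # "password" field as the spec states it: unsalted SHA-256 hex digest.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def scrypt_password(password, salt=None):
    # Assumed alternative (not in the spec): per-user salt + memory-hard KDF.
    salt = salt or secrets.token_bytes(16)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return "scrypt$%s$%s" % (salt.hex(), dk.hex())

def verify_scrypt(password, stored):
    _, salt_hex, _ = stored.split("$")
    candidate = scrypt_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def register(store, email, name, password, hasher=sha256_password):
    key = email.strip().lower()  # assumption: normalise the primary identifier
    if key in store:
        raise ValueError("email already registered")
    store[key] = {
        "email": key,
        "user_uID": secrets.token_hex(16),                # assumed uID format
        "name": name,
        "password": hasher(password),
        "admin_access_token": secrets.token_urlsafe(32),  # assumed token format
        "services": {},
    }
    return store[key]

def add_service(identity, slot, service_name, config=None):
    identity["services"][slot] = {
        "service_ID": identity["user_uID"],               # "Same as uID" per the spec
        "service_name": service_name,
        "service_access_token": secrets.token_urlsafe(32),
        "service_config": config or {},
    }
    return identity["services"][slot]

def shared_password_is_visible(hasher):
    # Two constructed users who pick the same password: do their stored values match?
    store = {}
    a = register(store, "email1@test.com", "User One", "correct horse", hasher)
    b = register(store, "email2@test.com", "User Two", "correct horse", hasher)
    return a["password"] == b["password"]
```

`shared_password_is_visible(sha256_password)` returns `True` and the scrypt variant returns `False`: with an unsalted digest, identical passwords produce identical stored values across users.
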

TanmoySG commented 2 years ago

Access-Types-Logic

Access Types - for reference read #8 comments or The Curious case of Login and the various Tokens.

TanmoySG commented 2 years ago

Updated Documentation in README.md inside the architecture directory in the dev branch.