Closed veris-ankitpopli closed 7 years ago
:question::question: TechM & E&Y buys Veris services. Both configure the lock in a similar way:
Assumption: User configured Google Authenticator when E&Y added him as a member.
:smirk: Looked for enabling same providers per different organization.
There are two ways of doing this.
django Site framework
Django
to enabling the same).organization
add any provider create a domain
for that org and add provider accordingly.provider
and organization
, org-domain
we have issued. organization
their domain names (which we created) then everything will work well. no hooks need :bowtie: .enterprise.veris.in
) then we have to write a hook :fearful: (probably a middle-ware
) which will change the domain based on organization in request on the fly so that all auth can select appropriate provider for that organization. Fork and override all auth :scream:
all auth
is selecting the social provider
, they are using current side for this , if we add organization filter
with that then our problem will be resolved.organization
and provider
. So tomorrow will be the judgement day :mortar_board: , If we didn't select the best way then get ready for :bamboo:
😤 https://branch.io/ {tried it for app links and deep linking but it's server stopped in between (really bad uptime)} 🚀 LinkingIOS for react native
Links are dynamic now, changing as per idp. Integrated branch.io (deep linking working fine, app links not working as expected on android 6.0+)
Next UP - multiple organizations, would use the same widget, to serve their members with separate processes.
Ref #11
:rocket: MFA
django-two-factor-auth
:-1: tied with django sessions. Will have to wire it up with DRF.
:+1: better documentation as compared to deux :point_up_2:
:+1: gives end to end flow for MFA. (:+1: :+1: for reference, even if we decide not to use this.)
:+1: includes Google Authenticator/Authy support based on TOTP
pyotp - if none of the above :point_up_2: fits well, :point_left: should come in handy.
:thinking:
X-HTTP-MFA
header (as suggested by @peeyush-tm) makes much more sense than providing separate auth URLs :disappointed: :thinking: Get started with Veris Lock :wink: (Login Widget) and test MFA :point_up_2:.