update README

a-sansara 2017-03-13 15:58:15 +01:00
parent 81f3103ee0
commit a8dc2cfdd2


@ -4,14 +4,14 @@ PwsAuth is an authentication protocol throught http header designed to web servi
## Request Headers ## Request Headers
request headers must be define as follow : Request headers must be define as follow :
Pws-Authorization : $type $token Pws-Authorization : $type $token
Pws-Ident : $userkey Pws-Ident : $userkey
the **$token** can be either a `loginToken` or a `sessionToken` The **$token** can be either a `loginToken` or a `sessionToken`
the **$token** is divided in four part The **$token** is divided in four part
* a datetime formatted with the `Authenticator::DATE_FORMAT` format * a datetime formatted with the `Authenticator::DATE_FORMAT` format
* an obfuscate part 's token builded by date, common salt & the third token 's part * an obfuscate part 's token builded by date, common salt & the third token 's part
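Review bot: the capitalisation pass in the Request Headers section leaves the grammar of the sentences it touches unchanged. "Request headers must be define as follow :" should read "Request headers must be defined as follows:", and "divided in four part" should be "divided into four parts". The unchanged bullet "an obfuscate part 's token builded by date, common salt & the third token 's part" would also be worth rewording while this section is open, and it should name how that part is computed, since the text only calls it obfuscated and a reader cannot tell from the README what the check actually relies on.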
@ -20,8 +20,8 @@ the **$token** is divided in four part
a session token representing the session id a session token representing the session id
* noise data to be removed * noise data to be removed
the complete token is valid only if obfuscate part can be rebuild The complete token is valid only if obfuscate part can be rebuild.
this simple mecanism ensure that **sessionId** is valid and can be safety load This simple mecanism ensure that **sessionId** is valid and can be safety load
Authenticator 's configuration comes with a `hash.session.index` and `hash.noise.length` values Authenticator 's configuration comes with a `hash.session.index` and `hash.noise.length` values
wich can be redefined to move the session token part into the complete token wich can be redefined to move the session token part into the complete token
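Review bot: only the first of the two edited sentences gains a full stop; "This simple mecanism ensure that **sessionId** is valid and can be safety load" is left without one and still carries "mecanism" and "safety load". Suggested wording: "This simple mechanism ensures that the **sessionId** is valid and can be safely loaded." The context lines that follow still spell "which" as "wich" and could be fixed in the same pass.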
@ -35,24 +35,24 @@ wich can be redefined to move the session token part into the complete token
### ClientSide ### ClientSide
a request header can be generated via the `generateHeader($login, $key, $sessid=null)` method A request header can be generated via the `generateHeader($login, $key, $sessid=null)` method.
the third parameter determine wich kind of token will be generated The third parameter determine wich kind of token will be generated
### ServerSide ### ServerSide
the Token can be retriew via the `getToken` method The Token can be retriew via the `getToken` method
`loginToken` is validate by the `check(Token $token, $login)` method `loginToken` is validate by the `check(Token $token = null, $login)` method
`loginToken` must match a public url with method `POST` and a couple of login/password `loginToken` must match a public url with method `POST` and a couple of login/password
on successfull login, the session id must be transmit to the client. On successfull login, the session id must be transmit to the client.
`sessionToken` is valid only if the session can effectively be loaded, and the `sessionToken` is valid only if the session can effectively be loaded, and the
user key match the given `Pws-Ident` value user key match the given `Pws-Ident` value
### Configuration ### Configuration
configuration must be the same on server and client sides Configuration must be the same on server and client sides
hash definition is a convenient way to obfuscate your tokens Hash definition is a convenient way to obfuscate your tokens
```yaml ```yaml
pwsauth : pwsauth :
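Review bot: in the ServerSide section the documented signature changes from `check(Token $token, $login)` to `check(Token $token = null, $login)`, which the commit message "update README" does not mention and the surrounding text does not explain. Because `$login` remains a required parameter after it, a caller can never omit `$token`, so the default only makes a null token an accepted argument; the README should say what `check` returns when `getToken` yields no token, and state explicitly that such a request is rejected if that is the behaviour. Separately, "generateHeader(...) method." is the only edited sentence in this hunk that gains a full stop, and "retriew", "successfull" and "wich" are left as they were.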
@ -95,5 +95,5 @@ $authenticator = new Authenticator($config['pwsauth']);
### Notes ### Notes
a valid `$userkey` alone is useless A valid `$userkey` alone is useless
a valid `$sessionId` alone is useless A valid `$sessionId` alone is useless