Overview Overview
With NDS Labs v 1.0, we manage rudimentary account information in etcd and support account creation through a simple form. Going forward, we need to support standard account signup and approval workflows, as well as password recovery and management. We've discussed leveraging Oauth using external IdPs (e.g., Github) as a potential solution. This would allow us to hand off primary identity and password management.
...
- Implementing Oauth 2.0 support in NDS Labs, with support for one or more Oauth providers
- Implementing a basic approval mechanism to allow us to control who has access to the system
...
Optionally, we could continue to use our rudimentary scheme, adding password management and account verification:
- Account registration with password encryption
- NDS-255
- NDS-213
- Email verification
- NDS-212
- Password management
- NDS-185
Oauth overview
https://developer.github.com/v3/oauth/#web-application-flow
...
Github will return a Json object with the Access code and requested user information.
Use Cases
User can sign-in with Github
NDS-330
- User selects "Sign-in" with Github
- User is redirected to https://github.com/login/oauth/authorize
- User approves access to NDS Labs
- User is redirected to callback (e.g., ndslabs.org/oauth/github)
- If no account record exists
- Account is created for user in unapproved state
- User is redirected to 403/Forbidden page
- NDS Labs support is notified of new account approval
- If account record exists and is not approved
- User is redirected to 403/Forbidden page
- If account record exists and is approved
- User is redirected to Dashboard
...