Key management for PICL users
Перейти к файлу
Zachary Carter 783ef68690 remove WIP code; Hapi error objects are returned directly from the users module 2013-02-25 13:31:35 -08:00
config add aws config 2013-02-22 15:17:24 -08:00
lib have unknown user errors return a 404 response 2013-02-25 13:08:12 -08:00
routes remove WIP code; Hapi error objects are returned directly from the users module 2013-02-25 13:31:35 -08:00
scripts/aws couchbase isntall scripts 2013-02-22 11:57:07 -08:00
test make trailing slash optional on /user route 2013-02-25 13:11:16 -08:00
.awsbox.json awsbox support 2013-02-22 11:56:33 -08:00
.gitignore initial keyserver implementation 2013-02-15 15:32:59 -08:00
LICENSE initial keyserver implementation 2013-02-15 15:32:59 -08:00
README.md make device ID optional 2013-02-20 11:56:05 -08:00
index.js initial keyserver implementation 2013-02-15 15:32:59 -08:00
package.json initial keyserver implementation 2013-02-15 15:32:59 -08:00
server.js initial keyserver implementation 2013-02-15 15:32:59 -08:00

README.md

picl-keyserver

Key management for PICL users

API

You can currently create a new user account, add additional devices, and bump the class A key version.

All API calls take a JSON payload of an email address. E.g.:

{
  email: bob@example.com
}

or, for GET requests: ?email=bob@example.com.

Eventuall, they might take an assertion:

{
  assertion: <persona generated assertion>
}

NULL security model

Clients can safely ignore version and deviceId in API responses. These are intended for key revocation, but they won't be used in early prototypes.

POST /user

Creates a new user account and generates a class A key.

Returns:

{
  success: true,
  kA: <32 random bytes in hex>,
  version: 1,
  deviceId: <32 random bytes in hex>
}

POST /device

Registers a new device with the user account.

Returns

{
  success: true,
  kA: <user's current kA>,
  version: <kA version>
  deviceId: <newly generated deviceId>
}

GET /user/[deviceId]

Fetches the user's current key. deviceId is not required.

Returns

{
  success: true,
  kA: <user's current kA>,
  version: <kA version>
}

POST /user/bump/{deviceId}

Not used in NULL authentication model

This creates a new class A key for the user and bumps the version number. All devices besides the device that initiated the call will be marked as having an outdated key.

Returns

{
  success: true,
  kA: <newly generated kA>,
  version: <kA version>
}