Repository: incubator-milagro-mfa-sdk-core
Updated Branches: refs/heads/master a0352396e -> 16308c749
Update documentation Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-sdk-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-sdk-core/commit/16308c74 Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-sdk-core/tree/16308c74 Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-sdk-core/diff/16308c74 Branch: refs/heads/master Commit: 16308c7491f524e711fa87dbafc95724a4df6189 Parents: a035239 Author: Simeon Aladjem <[email protected]> Authored: Thu Nov 17 17:51:42 2016 +0200 Committer: Simeon Aladjem <[email protected]> Committed: Thu Nov 17 17:51:42 2016 +0200 ---------------------------------------------------------------------- Mobile App Login.png | Bin 0 -> 121190 bytes Mobile App Login.txt | 44 ++++++++++++++++++++++++++++++++++++++++++++ README.md | 20 ++++++++++++++++++++ 3 files changed, 64 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-sdk-core/blob/16308c74/Mobile App Login.png ---------------------------------------------------------------------- diff --git a/Mobile App Login.png b/Mobile App Login.png new file mode 100644 index 0000000..6b901d3 Binary files /dev/null and b/Mobile App Login.png differ http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-sdk-core/blob/16308c74/Mobile App Login.txt ---------------------------------------------------------------------- diff --git a/Mobile App Login.txt b/Mobile App Login.txt new file mode 100644 index 0000000..c101009 --- /dev/null +++ b/Mobile App Login.txt 
@@ -0,0 +1,44 @@ +title Mobile App Login + +participant Mobile App as mobapp +participant Mobile SDK as mobsdk +participant MFA Platform as mfa +participant App Backend as appbe +participant Backend SDK as besdk + +note over mobapp: + The Mobile App has possetion + of the Client ID, issued by + the MFA Platform +end note + +note over appbe: + The App Backend has possetion + of the Client ID and the Client Secret, + issued by the MFA Platform +end note + +mobapp->mobsdk: SetClientId(<clientId>) +mobsdk-->mobapp: Status OK +mobapp->mobsdk: StartAuthentication(user) +mobsdk-->mobapp: Status OK +mobapp->mobapp: Get PIN from end-user +mobapp->mobsdk: FinishAuthenticationMFA(user, PIN, &authzCode) +mobsdk<->mfa: Authentication Pass 1, header: X-MIRACL-Client-ID: <clientId> +mobsdk->mfa: Authentication Pass 2, header: X-MIRACL-Client-ID: <clientId> +mfa-->mobsdk: OK, data: authOTT +mobsdk->mfa: POST /authenticate, header: X-MIRACL-Client-ID: <clientId>, data: authOTT +mfa-->mobsdk: OK, data: {"code": <authzCode>} +mobsdk-->mobapp: Status OK, authzCode +mobapp->appbe: App-sepcific request for data or for authentication validation, pass <userId>, <authzCode> +appbe->besdk: validate_authorization(), passing in <authzCode> +besdk->mfa: Token Endpoint, passing <authzCode> +mfa-->besdk: Access Token, ID Token +besdk->besdk: Validate ID Token +besdk-->appbe: Access Token +appbe->besdk: get_user_id() +besdk-->appbe: User ID +appbe->appbe: Verify User ID == <userId> +appbe->appbe: (Optional) Generate app-specific Authentication Token +appbe-->mobapp: App-specific response, pass back either\nAccess Token or app-specific Authentication Token +mobapp<->appbe: Get data using provided Token http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-sdk-core/blob/16308c74/README.md ---------------------------------------------------------------------- diff --git a/README.md b/README.md index d9f29a1..fb1bbc0 100644 --- a/README.md +++ b/README.md 
@@ -263,6 +263,11 @@ MPinSDK::Status s = sdk->Init( config, Context::Instance() ); This method clears the `MPinSDK` instance and releases any allocated data by it. After calling this method, one should use `Init()` again in order to re-use the `MPinSDK` instance. +##### `void SetClientId(const String& clientId);` +This method will set a specific _Client ID_ which the SDK should use when sending requests to the backend. +As an example, the MIRACL MFA Platform issues _Client IDs_ for registered applications, which use the platform for authenticating users. +When the SDK is used to authenticate users specifically for this registered application, the _Client ID_ should be set by the app using this method. + ##### `Status TestBackend(const String& server, const String& rpsPrefix = "rps") const;` This method will test whether `server` is a valid back-end URL by trying to retrieve Client Settings from it. Optionally, a custom RPS prefix might be specified if it was customized at the back-end and is different than the default `"rps"`. 
@@ -453,6 +458,13 @@ The returned status might be: * `Status::INCORRECT_PIN` - The authentication failed because of incorrect PIN. After the 3rd (configurable in the RPS) unsuccessful authentication attempt, the method will still return `Status::INCORRECT_PIN` but the User State will be set to `BLOCKED`. * `Status::INCORRECT_ACCESS_NUMBER` - The authentication failed because of incorrect Access Number. +##### `Status FinishAuthenticationMFA(INOUT UserPtr user, const String& pin, OUT String& authzCode);` +This method is almost identical to the standard `FinishAuthentication()`, but it returns back an _Authorization Code_, which should be used further by the app back-end to validate the authenticated user. +This method is useful when authenticating users against the MIRACL MFA Platform. +For this flow to work, the app should also set a _Client ID_ through the `SetClientId()` method. +The Platform will provide the _Authorization Code_ as a result from the authentication. +This code should be then passed by the app to the back-end, where it should be verified using one of the MFA Paltform SDK flavors. + ##### `bool CanLogout(IN UserPtr user);` This method is used after authentication with an Access Number/Code through `FinishAuthenticationAN()`. After such an authentication, the Mobile Device can log out the end-user from the Browser session, if the RPA supports that functionality. @@ -482,3 +494,11 @@ Client settings that might interest the applications are: ##### User Authentication to an Online Session  + +#### MIRACL MFA Platform Flows + +##### Authentication into a Mobile App + + +##### Authentication to a Web App +_Coming soon..._ \ No newline at end of file
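Review bot: In the `Mobile App Login.txt` hunk, the `besdk->mfa: Token Endpoint, passing <authzCode>` arrow does not show the Client ID or Client Secret being presented, although the note over the App Backend says it holds both. If the token request is authenticated with those credentials, say so on that arrow so the diagram shows that the code exchange is bound to the back-end and not to the mobile app. Spelling: "possetion" (twice) should be "possession" and "App-sepcific" should be "App-specific".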
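Review bot: The `SetClientId()` paragraph in README.md documents a `void` method, but the sequence diagram added in this same commit shows `mobsdk-->mobapp: Status OK` as the reply to `SetClientId(<clientId>)`; one of the two should be corrected. The paragraph also does not say when the call must be made relative to `Init()` and `StartAuthentication()`, or whether the value survives the clear and re-`Init()` cycle described in the paragraph just above it. A sentence on ordering and lifetime would close that gap.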
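Review bot: The `FinishAuthenticationMFA()` paragraph calls the method "almost identical" to `FinishAuthentication()` but lists no returned statuses and does not say what happens when `SetClientId()` was never called. Suggest adding a returned-status list in the same form as the one that ends just above this heading, and stating what `authzCode` contains when the status is not OK. Spelling: "Paltform" should be "Platform", and "returns back" can be shortened to "returns".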
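Review bot: In the last README.md hunk, the new "Authentication into a Mobile App" heading has no text under it as shown here, and "Authentication to a Web App" is only a "Coming soon..." placeholder. A one-line summary under the first heading that names `SetClientId()`, `FinishAuthenticationMFA()` and the back-end validation of the Authorization Code would let the section be read without the diagram. The file also now ends without a trailing newline (`\ No newline at end of file`); add one.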
