https://github.com/curityio/device-secret-authenticator

An authenticator accepting a nonce issued from the token profile to achieve SSO functionality
https://github.com/curityio/device-secret-authenticator

authenticator device-secret nonce plugin

Last synced: 10 months ago
JSON representation

An authenticator accepting a nonce issued from the token profile to achieve SSO functionality

• Host: GitHub
• URL: https://github.com/curityio/device-secret-authenticator
• Owner: curityio
• License: apache-2.0
• Created: 2022-11-28T15:19:03.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2023-08-31T11:25:00.000Z (over 2 years ago)
• Last Synced: 2025-01-30T13:29:56.334Z (11 months ago)
• Topics: authenticator, device-secret, nonce, plugin
• Language: Kotlin
• Homepage:
• Size: 25.4 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Device Secret Authenticator Plugin

[![Quality](https://img.shields.io/badge/quality-demo-red)](https://curity.io/resources/code-examples/status/)

[![Availability](https://img.shields.io/badge/availability-source-blue)](https://curity.io/resources/code-examples/status/)

An authenticator accepting a nonce issued by the token profile for the purpose of native SSO. It is made to work similar to [OpenID Connect Native SSO](https://openid.net/specs/openid-connect-native-sso-1_0.html), but using the Hypermedia Authentication API instead of token exchange. 

This is just a demo of the capability and is not production ready.

## Configuration

Configure the token endpoint to issue a nonce together with the issued tokens. Similar to following:

```javascript

var nonceIssuer = context.getNonceTokenIssuer('default');

var nonceAttributes = {};

nonceAttributes.subject = context.subjectAttributes();

nonceAttributes.context = context.contextAttributes();

nonceAttributes.created = accessTokenData.iat;

nonceAttributes.expires = refreshTokenData.exp;

```

## Building the Plugin

You can build the plugin by issue the command `./gradlew packageJar`. This will produce a folder in the `build` directory with the plugin JAR file and all the dependencies needed called `authenticators.device-secret`, which can be installed.

## Installing the Plugin

To install the plugin, copy the contents of the `authenticators.device-secret` folder into `${IDSVR_HOME}/usr/share/plugins` on each node, including the admin node. For more information about installing plugins, refer to the [curity.io/plugins](https://support.curity.io/docs/latest/developer-guide/plugins/index.html#plugin-installation). 

If you are installing on the same machine, make sure that `IDSVR_HOME` is correctly exported in your shell, and iss `./gradlew deploy` to build and copy the correct files.

## More Information

Please visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.