Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ibrahimgunduz34/api-2fa-demo

A demo API application with two factor authentication
https://github.com/ibrahimgunduz34/api-2fa-demo

Last synced: about 1 month ago
JSON representation

A demo API application with two factor authentication

Host: GitHub
URL: https://github.com/ibrahimgunduz34/api-2fa-demo
Owner: ibrahimgunduz34
Created: 2021-04-11T18:38:53.000Z (over 3 years ago)
Default Branch: master
Last Pushed: 2021-04-18T19:06:11.000Z (over 3 years ago)
Last Synced: 2023-03-24T03:13:29.304Z (over 1 year ago)
Language: JavaScript
Size: 119 KB
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Two Factor Authentication Protected API Demo

## Introcution

It has been created to demonstrate an API that secured with Two Factor Authentication.

## Requirements

* NodeJS

## How To Run The Application 

Install the application dependencies including dev dependencies.

```shell

$ npm install

```

In order to start the application run the following command

```shell 

$ npm start

```

## API Endpoints

Please check `swagger.yaml` file.

## How To Run Tests

```shell 

$ npm run test

```

## Workflow

* Register - authentication with username and password - happy flow

    * Create a new user by using the register endpoint (POST /v1/security/register)

    * Authenticate the user and keep the access token from the authentication response (POST /v1/security/authenticate)

    * Try to access the secured dummy endpoint with authorization header (POST /v1/admin/dashboard)

* Authenticate - enable 2FA - happy flow    

    * Authenticate the user and keep the access token from the authentication response (POST /v1/security/authenticate)

    * Enable 2FA and keep the user secret from the api response (POST /v1/security/enable-tfa)

    * Store the user secret in an authenticator application (Example: Google Authenticator)

* Authenticate - Verify 2FA code - happy flow    

    * Authenticate the user and keep the short life access token from the authentication response (POST /v1/security/authenticate)

    *  Check the authenticator application in your phone and keep the verification code

    * Verify the code and keep the long life access token from the api response (POST /v1/security/verify-tfa-code)

    

## TODOs:

* ~~Incoming requrest validation~~

* ~~Registration~~

* ~~Authentication~~

* ~~Create a dummy endpoint to be secured by access control~~

* ~~Token based authentication~~

* ~~Secure the dummy endpoint and allow access to authentication/register endpoints~~

* ~~Store the user password with encryption~~

* ~~Open API document~~

* ~~Create integration tests regarding the current authentication/register flows~~

* README file (In progress)

* ~~Enable a user's two factor authentication (Return the the key for the first phase)~~

* ~~Verify an authentication code provided by an authentication application such as Google Authenticator~~

* ~~Create new test cases regarding enabling 2FA and code verification (Find a way to simulate authenticator app)~~ 

* Generate QR code to be used by the authenticator applications

* Update the 2FA enabler endpoint as it's gonna return the qr code image url instead of key

* Update the integration tests

* ~~Integrate code analysis tool (jslint...)~~

* ~~Create CI pipeline~~