|
|
@@ -18,18 +18,18 @@ In most school (and organisations, in general), students have access to a digita
|
|
18
|
18
|
|
|
19
|
19
|
At the time this file was written, the repository contains the following directories:
|
|
20
|
20
|
|
|
21
|
|
-* `auth` is a small authentication server written in Node.js. In our very simple case, it will only ask for an username, but we can think of improving it to interact with a LDAP server. Once the user authenticated itself, it server will place a Macaroon in the user's browser, with a status caveat, depending on the route used:
|
|
22
|
|
- * If the user authed on `/`, they will have the "student" status.
|
|
23
|
|
- * If the user authed on `/teacher`, they will have the "teacher" status.
|
|
|
21
|
+* `ident` is a small identification server written in Node.js. In our very simple case, it will only ask for an username, but we can think of improving it to interact with a LDAP server. Once the user identified itself, it server will place a Macaroon in the user's browser, with a status caveat, depending on the route used:
|
|
|
22
|
+ * If the user identified on `/`, they will have the "student" status.
|
|
|
23
|
+ * If the user identified on `/teacher`, they will have the "teacher" status.
|
|
24
|
24
|
* `service1` is a PHP service which authenticate an user based on their Macaroons, and only allow a teacher to access it.
|
|
25
|
|
-* `moodle_macaroons` is an authentication plugin for Moodle, a service actually used in schools' infrastructures, using Macaroons generated by `auth` (at least it's limited to this when I'm writing these lines).
|
|
|
25
|
+* `moodle_macaroons` is an authentication plugin for Moodle, a service actually used in schools' infrastructures, using Macaroons generated by `ident` (at least it's limited to this when I'm writing these lines).
|
|
26
|
26
|
|
|
27
|
27
|
Please keep in mind that, although this might not a very impressive use of Macaroons, it is still a work in progress.
|
|
28
|
28
|
|
|
29
|
29
|
## Try it out
|
|
30
|
30
|
|
|
31
|
|
-For now (not sure it'll last), you can try the whole thing at https://ent.brendanabolivier.com/, by adding the desired service in the URI (`/auth` for the authentication server, `/service1` for the PHP service). Connections aren't logged on this server.
|
|
|
31
|
+For now (not sure it'll last), you can try the whole thing at https://ent.brendanabolivier.com/, by adding the desired service in the URI (`/ident` for the identification server, `/service1` for the PHP service). Connections aren't logged on this server.
|
|
32
|
32
|
|
|
33
|
|
-Why don't you try heading out on https://ent.brendanabolivier.com/auth/, logging in, then accessing https://ent.brendanabolivier.com/service1/? :wink:
|
|
|
33
|
+Why don't you try heading out on https://ent.brendanabolivier.com/ident/, logging in, then accessing https://ent.brendanabolivier.com/service1/? :wink:
|
|
34
|
34
|
|
|
35
|
|
-Then you can try and auth on https://ent.brendanabolivier.com/auth/teacher and re-trying accessing `service1` :smile:
|
|
|
35
|
+Then you can try and identify on https://ent.brendanabolivier.com/ident/teacher and re-trying accessing `service1` :smile:
|
