Diffstat (limited to 'README.md')
-rw-r--r-- README.md | 60
1 files changed, 60 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3244516
--- /dev/null
+++ b/README.md
@@ -0,0 +1,60 @@
+# VPNAuth
+
+OAuth2/OIDC Server recognizing users based on their IP.
+
+## The idea
+
+The idea of VPNAuth is that you only need to log into your VPN and from then you get automatically logged into your apps
+as you get recognized with your static ip you get assigned from your VPN.
+
+## Set-up
+
+I recommend to use the ``flake.nix`` to install the project on NixOS.
+VPNAuth will automatically generate the sqlite database and the ``config.json`` in the directory where the process runs
+from.
+
+### The Database
+
+You need to apply the ef core migrations to create and update the database as VPNAuth needs it.
+The recommended way to do that is described
+[here](https://learn.microsoft.com/en-us/ef/core/managing-schemas/migrations/applying?tabs=dotnet-core-cli#sql-scripts).
+
+### The Config
+
+Here is an example ``config.json`` with explanations:
+
+``` JSON
+{
+ "Users": [ // A list with the user objects.
+ {
+ "Username": "tim", // The username of the user.
+ "Ips": [ // A list with the ips of the user as strings, the server uses them to recognize the user.
+ "127.0.0.1"
+ ]
+ }
+ ],
+ "Apps": [ // A list with the app objects that the users can log into.
+ {
+ "ClientId": "test-app", // The client id of the app used in the OAuth2 flow.
+ "RedirectUri": "http://127.0.0.1:8082/api/oauth2-redirect", // The user gets redirected to this uri when they accept or deny the login request.
+ "Secret": "mysecret", // The app secret used in the OAuth2 flow.
+ "AllowedUsers": ["tim"] // This key is OPTIONAL - when providden, only the users with their username as a string in that list can log into the app.
+ }
+ ]
+}
+```
+
+(Remember that this config is invalid as the JSON standard does not allow comments.)
+
+## Endpoints
+
+| Uri | Protocol | Description | Response status codes and their meaning |
+|-------------------|----------|----------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| ``/auth`` | OAuth | Autorization request - initializes the authorization process | / |
+| ``/access-token`` | OAuth | Endpoint where client requests the access token with the issued code in PKCE challenge | - ``400``: The form does not require required parameters<br/>- ``403``: client secret or code challenge is wrong<br/> - ``404``: invalid auth code |
+| ``/user-info`` | OIDC | Endpoint where the client requests information about the user | - ``405``: Request method is not ``GET`` or ``POST``<br/> - ``400``/``401``: invalid authorization header<br/> - ``403``: invalid token or not all required scopes<br/> - ``204``: User has not set any user information yet |
+
+You find out how to reach me [here](https://bytim.eu/contact) if you have any questions or feedback.
+
+**The [OAuth2](https://datatracker.ietf.org/doc/html/rfc6749), [PKCE](https://datatracker.ietf.org/doc/html/rfc7636)
+and [OIDC](https://openid.net/specs/openid-connect-core-1_0.html) Protocols are not fully implemented!**
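Review bot: The README documents the client's source IP as the sole factor for recognizing a user ("Ips" in the config, "The idea" section) but says nothing about how the server obtains that address, which is the property the whole design rests on. Add a short security-considerations paragraph stating that the service must observe the VPN-assigned address directly (or, if it sits behind a reverse proxy, that only a trusted proxy's forwarded address may be used), and that anyone able to send traffic from a listed address is treated as that user, so shared egress addresses or NAT must not appear in "Ips". The "Secret": "mysecret" entry should also be called out as a credential that must not be committed alongside the config. Smaller points in the same hunk: "Autorization" should read "Authorization"; the 400 description "does not require required parameters" presumably means "does not contain the required parameters"; "providden" should be "provided"; and the fence "``` JSON" has a space before the language tag, which some renderers will not recognise, so use "```json". Since the text itself notes the commented config is not valid JSON, consider shipping a comment-free example file next to the annotated one.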