Idora Server
Abstract
The IdOra Server serves as a custodian of access tokens (credentials) on behalf of a subscriber. The subscriber can authorize IdOra to obtain, store, and present these access tokens to pre-authorized third party services, usually for the purpose of logging the subscriber into a web page by scanning a QRCode or some other non user/password method.
A web portal is provided for creating accounts, logging in/out, and configuring services for remote logins.
Origins
The IdOra project was originally developed by Bob Lund (CableLabs). This implementation is a derivation of the original codebase, with minor changes required to integrate it into the Micronets ecosystem.
Developers
The repository for the IdOra Server is micronets-idora-server
Overview
The Idora Server provides a web portal for the subscriber to select and authorize access to third party services. This is done using standard OAUTH2 api requests to request and subsequently store the subscriber’s access tokens. It also provides an API to present access tokens to pre-authorized services on behalf of the subscriber.
Messaging
The Idora Server communicates with the following Micronets components:
* Idora Client
+ IN
Accepts QRCode Scans for effecting remote logins.
* Authorization Server
+ OUT
OAUTH redirect to MSO login for authorizing remote logins
+ OUT
OAUTH token refresh/revoke requests
Detailed descriptions of the APIs for this server can be found here
Operation
Website (service) Setup
The subscriber navigates to the IdOra portal at https://mycable.co/idora
. The subscriber logs in and then clicks the Websites tab to set up an authorized service. The subscriber will be redirected (OAUTH2) to the selected service’s Authorization Server login screen. If the subscriber accepts the described action, an access token will be generated by the Authorization Server and returned to the IdOra Server. The access token is then stored locally (IdOra Server) and linked to the subscriber. The access token will be available for future use on behalf of the subscriber, such as for Remote Logins.
Remote Login
The subscriber logs in to their IdOra account from the MSO provided mobile app (IdOra Client). Using a computer browser, the subscriber navigates to the login screen for a service that has been previously authorized (see above). When the QRCode appears on the login screen, the subscriber scans it with the mobile app. The metadata (serviceID, sessionID) from the QRCode is sent to the IdOra Server along with the subscriber’s ID. If the IdOra Server has an access token for that subscriber/service, a remote login request is sent to the service on behalf of the subscriber and the subscriber is automatically logged in.
NOTE: IdOra is not necessarily a component of the MSO. It could easily operate independently to provide this functionality for services not owned by the MSO. For this reason, at least for now, the IdOra account and the MSO account ARE NOT THE SAME ACCOUNT. Credentials must be set up separately.
Installation
Detailed instructions for building and installing the IdOra Server can be found here