10. Options breakdown
The middleware has one options class that is used to configure it for your specific use cases. On this page we will break down these options.
There are two types of options - controls and hooks. A control is used to change general operations. A hook allows the middleware to pass you control of the operation it is currently doing; some hooks are not optional.
This is the URL the middleware will listen on for requests.
Default: "/login-sqrl"
This is a list of paths that the middleware listens on and a toggle to indicate if they are authenticated independently from the other paths.
Default: NULL
This sets the encryption key used to encrypt nuts. This can be helpful in multiple server deployments to ensure the nuts are encrypted with the same key.
Default: A new cryptographically safe random key is generated when the application starts or recycles.
This is the number of seconds a NUT is valid.
Default: 60. This is intentionally high as a default, and applications should change this if their user base is likely to log in quicker.
The number of milliseconds between polls for successful logins from an external device.
Default: 1000ms (1 second)
This is the text placed in the Name claim for a user who is authenticated using SQRL.
Default: "SQRL anonymous user"
The path that a browser is redirected to when using a local device client (CPS) and they cancel rather than continuing with authentication.
Default: ""
A toggle that indicates whether appending "?diag" to any SQRL middleware path will result in a diagnostics page being shown.
Default: false
A toggle that indicates if the default login page bundled with the middleware will be shown when a user navigates to the middleware's CallbackPath or any OtherAuthenticationPath.
Default: false
A toggle to indicate if any of the helpers can be used such as the "?helper" or the HTML helpers.
Default: false
This is a list of paths that the helpers can be used from if EnableHelpers is true. If this list is NULL then all paths are allowed to use the helpers.
Default: NULL
As of v1.2.0 each hook has an async version which is prefixed with async. There is a set of interfaces that can be applied to a class to help with creating the methods for the hooks below. These are:
//For the required hooks
IUserManagementRequiredHooks
IUserManagementRequiredHooksAsync
/*For the optional hooks, the ones you do not wish to implement
can be left empty or return a default value, as you will
not put them into the options*/
IUserManagementOptionalHooks
IUserManagementOptionalHooksAsync
//When you wish to manage NUTs
INutManagementHooks
INutManagementHooksAsync
//When you wish to manage CPS
CpsSessionManagementHooks
CpsSessionManagementHooksAsync
//When you wish to have ASK messages
AskMessageHooks
AskMessageHooksAsync
By implementing these on a class you will get helpful method signatures.
This is used to look up if a user exists within the application's user management system.
UserLookUpResult UserExists(string idk, HttpContext context)
This is used to update a user when they have re-keyed their identity, which changes their UserId.
void UpdateUserId(string newUserId, string newSuk, string newVuk, string oldUserId, HttpContext context)
This is used to create a user within the application's user management system. If not implemented, it is assumed user creation is not allowed.
void CreateUserInternal(string idk, string suk, string vuk, HttpContext context)
This is used to get the VUK for a user from the application's user management system.
string GetUserVuk(string userId, HttpContext context)
This is used to get the SUK for a user from the application's user management system.
string GetUserSuk(string userId, HttpContext context)
This is used to lock the user from logging in with SQRL in the application's user management system.
void LockUser(string userId, HttpContext context)
This is used to allow the application to unlock the user from logging in with SQRL in the application's user management system.
void UnlockUser(string userId, HttpContext context)
This is used to indicate that the user no longer wants their SQRL login to be stored in the application's user management system.
void RemoveUser(string userId, HttpContext context)
This is used to get the NutInfo from the application's nut store.
NutInfo GetNut(string nut, bool authorized)
This is used to store new NUTs in the application's nut store.
void StoreNut(string nut, NutInfo info, bool authorized)
This is used to remove nuts from an application's nut store.
void RemoveNut(string nut, bool authorized)
This is used to check if a NUT is authorized yet
bool CheckNutAuthorized(string nut);
This is used to get the userId attached to the NUT
string GetNutIdk(string nut)
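One way to back the NUT hooks above, shown as an added example rather than code from the middleware: a thread-safe in-memory store that matches the hook signatures and evicts NUTs older than the validity window. The `NutInfo` stand-in with its `Idk` property, the class name `InMemoryNutStore`, and the reading of `authorized` as selecting between two separate sets of NUTs are assumptions.

```csharp
using System;
using System.Collections.Concurrent;

// Stand-in for the middleware's NutInfo type; the page does not list its
// members, so the Idk property here is an assumption.
public class NutInfo { public string Idk { get; set; } }

// In an application this class would implement INutManagementHooks.
public class InMemoryNutStore
{
    private sealed class Entry { public NutInfo Info; public DateTime StoredUtc; }

    // Assumption: "authorized" selects between two separate sets of NUTs.
    private readonly ConcurrentDictionary<string, Entry> _pending = new ConcurrentDictionary<string, Entry>();
    private readonly ConcurrentDictionary<string, Entry> _authorized = new ConcurrentDictionary<string, Entry>();
    private readonly TimeSpan _lifetime;

    // 60 seconds mirrors the documented default NUT validity.
    public InMemoryNutStore(int lifetimeSeconds = 60) => _lifetime = TimeSpan.FromSeconds(lifetimeSeconds);

    private ConcurrentDictionary<string, Entry> Pick(bool authorized) => authorized ? _authorized : _pending;

    // Returns the live entry, or null after evicting one past its lifetime.
    private Entry Live(ConcurrentDictionary<string, Entry> set, string nut)
    {
        if (!set.TryGetValue(nut, out var e)) return null;
        if (DateTime.UtcNow - e.StoredUtc <= _lifetime) return e;
        set.TryRemove(nut, out _);
        return null;
    }

    public void StoreNut(string nut, NutInfo info, bool authorized) =>
        Pick(authorized)[nut] = new Entry { Info = info, StoredUtc = DateTime.UtcNow };

    public NutInfo GetNut(string nut, bool authorized) => Live(Pick(authorized), nut)?.Info;

    public void RemoveNut(string nut, bool authorized) => Pick(authorized).TryRemove(nut, out _);

    public bool CheckNutAuthorized(string nut) => Live(_authorized, nut) != null;

    public string GetNutIdk(string nut) => Live(_authorized, nut)?.Info?.Idk;
}
```

In a multiple server deployment the two dictionaries would be replaced by a store that every server shares.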
This is used to store a CPS session id in the application's CPS sessions store
void StoreCpsSessionId(string code, string userId)
This is used to get a userId for a CPS sessionId
string GetUserIdByCpsSessionId(string code)
This is used to remove a CPS session
void RemoveCpsSessionId(string code)
This is called when a SQRL client has indicated that a user only wishes to use SQRL for login going forward
void SqrlOnlyReceived(string userId)
This is called when the SQRL client has indicated that the user wishes to disable any forms of account recovery
void HardlockReceived(string userId)
This is used to get the ASK question if any to be returned with this request
AskMessage GetAskQuestion(HttpRequest request, string nut)
This is called when a SQRL client indicates an ASK was responded to
bool ProcessAskResponse(HttpRequest request, string nut, int button)
This is called once a user is authenticated and should return a username that the system has stored for the user
string GetUsername(string userId, HttpContext context)