HIROSE Yuuji, 25 Oct 2022: Add figures
# OneTimePassword auth example
## Terminology
auth = Authentication, tmp = Temporary

## Common Procedure

1. Clone this repository
2. cd $TOP/otp (where $TOP is the top directory of the clone)

## WebSocket mode
1. ./otp.rb
2. Open http://localhost:3000/otp.html

## CGI mode
1. ./web.rb
2. ./otp-cgi.rb
3. Open http://localhost:3000/otp-cgi.html

## OTP Procedure for WebSocket
Client            | Data Flow | Server                              | Person
------------------|-----------|-------------------------------------|------------------
(First Access)    | Nothing   |                                     |
Username (email)  | -->       | (store)                             |
(storage)         | <--       | tmpKey                              |
..                |           | passcode                            | --> get via email
Passcode + tmpKey | -->       | Verify                              |
(storage)         | <--       | SessionKey                          |
SessionKey        | -->       | Set AuthFlag for connection channel |

All keys and passcodes are stored in a database (server side) or in
localStorage (browser side).

## OTP Procedure for CGI
Client            | Data Flow | Server      | Person
------------------|-----------|-------------|------------------
Username (email)  | -->       | (store)     |
(storage)         | <--       | tmpKey      |
..                |           | passcode    | --> get via email
..                |           | exits       |
..                |           | -------     |
Passcode + tmpKey | -->       | Verify      |
(storage)         | <--       | SessionKey  |
..                |           | exits       |
..                |           | -------     |
User + SessionKey | -->       | Auth OK     |
(expand to view)  | <--       | Any answers |
..                |           | exits       |
..                |           | -------     |
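The three server-side steps shared by both tables (store username and issue tmpKey, verify passcode + tmpKey and issue SessionKey, set the AuthFlag for a channel) as an added Ruby example; this is not the code of otp.rb or otp-cgi.rb. It assumes in-memory hashes in place of the server database, models the e-mail step by returning the passcode from `register`, and picks a 300-second lifetime and a five-try limit for each tmpKey (both assumed values).

```ruby
require 'securerandom'
class OtpServer
  TTL = 300       # seconds a tmpKey/passcode pair stays valid (assumed value)
  MAX_TRIES = 5   # wrong passcodes tolerated before the tmpKey is discarded (assumed)
  attr_reader :auth_flags
  def initialize(clock: -> { Time.now.to_i })
    @clock = clock   # injectable clock so expiry can be tested without sleeping
    @pending = {}    # tmpKey => { user:, passcode:, issued:, tries: }
    @sessions = {}   # SessionKey => user
    @auth_flags = {} # connection channel id => user
  end

  # Step 1: client sends username (email); server stores it and returns tmpKey.
  # The passcode would go out by email; here it is returned so the flow runs offline.
  def register(user)
    tmp_key  = SecureRandom.hex(16)
    passcode = format('%06d', SecureRandom.random_number(1_000_000))
    @pending[tmp_key] = { user: user, passcode: passcode, issued: @clock.call, tries: 0 }
    [tmp_key, passcode]
  end

  # Step 2: client sends passcode + tmpKey; server verifies and issues a SessionKey.
  # Returns nil for an unknown or expired tmpKey or a wrong passcode.
  def verify(tmp_key, passcode)
    entry = @pending[tmp_key]
    return nil unless entry
    expired = @clock.call - entry[:issued] > TTL
    ok = !expired && secure_eq(entry[:passcode], passcode.to_s)
    entry[:tries] += 1
    # Drop the pending entry once it is used, expired, or guessed at too often.
    @pending.delete(tmp_key) if ok || expired || entry[:tries] >= MAX_TRIES
    return nil unless ok
    session_key = SecureRandom.hex(32)
    @sessions[session_key] = entry[:user]
    session_key
  end

  # Step 3: client presents the SessionKey; server sets the AuthFlag for the channel.
  def authenticate(conn_id, session_key)
    user = @sessions[session_key] or return false
    @auth_flags[conn_id] = user
    true
  end
  # Constant-time comparison so response time does not leak how many digits matched.
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In the CGI variant the same three steps run in separate processes, so `@pending`, `@sessions` and `@auth_flags` would have to live in the database between requests.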


## Difference between CGI and WebSocket Servers
### CGI server
One response per request; the CGI process exits after each response.
![](persession.png)

### WebSocket server
Persistent connection per session.  
One server process serves multiple clients.
![](wsserver.png)