I'm looking to implement a standard Kratos-based login flow, but also a less secure RFID-based login flow on a specific PC. The login server will restrict the RFID login to only this PC based on some secure mechanism (TBD, but likely using certificates and/or a TPM).
Background context
This is for my local Hackspace. Currently we have a monolithic membership server hosted locally in the Hackspace network. This works, but members need to be in the space to use the services, and it's a separate system to our forum and wiki. I'd like to implement an SSO system for all our services while still allowing access to some of them locally. See this page for more info.
Because I don't fully trust the RFID flow (the card IDs are only 4 bytes and easy to clone) I'd like to restrict this to only allow low-risk OAuth2 clients/scopes. Does Hydra have a built-in mechanism for this (e.g. based on the ACR value), or is this something I'd have to implement myself before accepting/rejecting the Hydra login request?
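One way to do the check in the login app before accepting or rejecting the Hydra login request, the second option raised in the post. This is an added example, not part of the original post and not Ory code; the struct and function names, the client IDs, the scope names and the ACR labels are all assumptions made for illustration.

```go
package main

import "fmt"

// LoginRequest: parts of a Hydra login request this check reads (names are this example's own).
type LoginRequest struct {
	ClientID       string
	RequestedScope []string
}

// Decision is what the login app would then send back to Hydra.
type Decision struct {
	Accept   bool
	ACR      string // assumed labels: "kratos", "rfid-low"
	Remember bool
	Reason   string // set when the request is rejected
}

// rfidPolicy: per low-risk client, the scopes an RFID login may request.
// Client IDs and scope names are constructed sample values.
var rfidPolicy = map[string]map[string]bool{
	"door-kiosk":   {"openid": true},
	"tool-booking": {"openid": true, "bookings.read": true},
}

// DecideLogin fails closed: unknown methods, clients and scopes are rejected.
func DecideLogin(req LoginRequest, method string) Decision {
	switch method {
	case "kratos":
		return Decision{Accept: true, ACR: "kratos", Remember: true}
	case "rfid":
		allowed, ok := rfidPolicy[req.ClientID]
		if !ok {
			return Decision{Reason: "client not allowed for RFID login"}
		}
		for _, s := range req.RequestedScope {
			if !allowed[s] {
				return Decision{Reason: "scope not allowed for RFID login: " + s}
			}
		}
		// Do not remember RFID sessions, so a later request from a
		// higher-risk client cannot reuse the weak login.
		return Decision{Accept: true, ACR: "rfid-low"}
	}
	return Decision{Reason: "unknown login method"}
}

func main() {
	fmt.Printf("%+v\n", DecideLogin(LoginRequest{"wiki", []string{"openid"}}, "rfid"))
}
```

The per-client scope set matters because a client that is acceptable for RFID at one scope may not be at another, and leaving `Remember` false for RFID keeps the weak login from being carried into a later request.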