Single Sign-On technical overview
This text provides technical information about PEACH Single Sign-On (also referred to as Identity Provider or IDP). For a more general overview, see the products section.
Modes of operation
- As a web application
The EBU IDP comes with an HTML rendering engine (ejs) and can be deployed as a visible web service that gives users a login server.
- API-only usage
It's possible to deploy the IDP without users accessing it directly; signup and usage can be handled through the API from another web application.
Databases
We use sequelize to abstract database access. Currently we support MySQL/MariaDB, Postgres and sqlite, with migrations and everything else for safe operations. sqlite should not be used for production environments as it only supports very light usage.
Cloud deployment
We have docker images ready on our docker registry service. Prebuilt definitions for docker-compose are available for orchestration, and we have terraform recipes ready for deployment in AWS environments.
Workflows and usage information
- CPA: A protocol to allow device pairing on devices with very limited input methods, like Smart TVs. Details can be found on the CPA page.
- oauth2: We support the oauth2 protocol for authorisation. Currently there is no support for OpenID.
- authentication: can be done via custom endpoints that include HTTP sessions and JWT.
- account types: A so-called local login stores credentials in the local databases. Also supported is a signup with the services from Google, Facebook and Apple.