Single Sign-On technical overview
This text provides technical information about PEACH Single Sign-On (also referred to as Identity provider or IDP). For a more general overview, see the products section.
Modes of operation
- As a web application
The EBU IDP comes with an HTML rendering engine (ejs) and can be deployed as a visible web service that provides a login server for users.
- API-only usage
It's possible to deploy the IDP without users having to use it directly: signup and usage can be handled through the API from another web application.
We use sequelize to abstract database access. Currently we support sqlite with migrations and everything else for safe operations.
sqlite should not be used for production environments as it only supports very light usage.
Docker images are ready on our docker registry service. Prebuilt definitions for docker-compose are available for orchestration, and we have terraform recipes ready for deployment in AWS environments.
Workflows and usage information
- CPA: A protocol to allow device pairing on devices with very limited ways of input, like Smart TVs. Details can be found on the CPA page.
- OAuth2: We support the OAuth2 protocol for authorisation. Currently there is no support for OpenID.
- authentication can be done via custom endpoints that include HTTP sessions and JWT.
- account types: A so-called locallogin stores credentials in the local databases. Signup with the services from Google, Facebook and Apple is also supported.