<?xml version="1.0" encoding="UTF-8"?>
<!-- generator="FeedCreator 1.8" -->
<?xml-stylesheet href="https://wiki.bristolhackspace.org/lib/exe/css.php?s=feed" type="text/css"?>
<rdf:RDF
    xmlns="http://purl.org/rss/1.0/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel rdf:about="https://wiki.bristolhackspace.org/feed.php">
        <title>Bristol Hackspace Wiki - projects:member_portal</title>
        <description></description>
        <link>https://wiki.bristolhackspace.org/</link>
        <image rdf:resource="https://wiki.bristolhackspace.org/_media/wiki/logo.png" />
        <dc:date>2026-04-14T15:41:00+00:00</dc:date>
        <items>
            <rdf:Seq>
                <rdf:li rdf:resource="https://wiki.bristolhackspace.org/projects/member_portal/auth?rev=1759765622&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.bristolhackspace.org/projects/member_portal/home?rev=1761264946&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.bristolhackspace.org/projects/member_portal/jwk?rev=1759880940&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.bristolhackspace.org/projects/member_portal/oauth?rev=1760357690&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.bristolhackspace.org/projects/member_portal/permissions?rev=1759765716&amp;do=diff"/>
                <rdf:li rdf:resource="https://wiki.bristolhackspace.org/projects/member_portal/session?rev=1759870352&amp;do=diff"/>
            </rdf:Seq>
        </items>
    </channel>
    <image rdf:about="https://wiki.bristolhackspace.org/_media/wiki/logo.png">
        <title>Bristol Hackspace Wiki</title>
        <link>https://wiki.bristolhackspace.org/</link>
        <url>https://wiki.bristolhackspace.org/_media/wiki/logo.png</url>
    </image>
    <item rdf:about="https://wiki.bristolhackspace.org/projects/member_portal/auth?rev=1759765622&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2025-10-06T15:47:02+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>Authentication</title>
        <link>https://wiki.bristolhackspace.org/projects/member_portal/auth?rev=1759765622&amp;do=diff</link>
        <description>Authentication

Authentication methods

There will be a few methods supported:

	*  Email “magic link”
	*  Keyfob/card
	*  TOTP (e.g. Google Authenticator)
	*  Passkey

Password login won&#039;t be supported to begin with unless there is a strong demand for it.</description>
    </item>
    <item rdf:about="https://wiki.bristolhackspace.org/projects/member_portal/home?rev=1761264946&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2025-10-24T00:15:46+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>Member Portal V2</title>
        <link>https://wiki.bristolhackspace.org/projects/member_portal/home?rev=1761264946&amp;do=diff</link>
        <description>Member Portal V2

This is a project driven by @samp20 to build a new member portal to provide Single-Sign-On (SSO) to other Hackspace services.


	* Authentication
	* JSON Web Keys
	* OAuth
	* Permissions model
	* Session management



Architecture

The system is based on a Python Flask application with PostgreSQL as the backend database.</description>
    </item>
    <item rdf:about="https://wiki.bristolhackspace.org/projects/member_portal/jwk?rev=1759880940&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2025-10-07T23:49:00+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>JSON Web Keys</title>
        <link>https://wiki.bristolhackspace.org/projects/member_portal/jwk?rev=1759880940&amp;do=diff</link>
        <description>JSON Web Keys

The OpenID specification requires a JWKs endpoint to list public keys that can verify ID tokens.

Current thinking is to store them in the filesystem either in PEM or JSON format. A Flask command can be created to rotate these on a schedule. These should be stored with the correct file permissions (</description>
    </item>
    <item rdf:about="https://wiki.bristolhackspace.org/projects/member_portal/oauth?rev=1760357690&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2025-10-13T12:14:50+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>OAuth</title>
        <link>https://wiki.bristolhackspace.org/projects/member_portal/oauth?rev=1760357690&amp;do=diff</link>
        <description>OAuth

Capturing the request
Column | Type | Obtained from | Description
id | UUID | Generated | ID to keep track of the request
token_hash | str | Generated | Hash of a secret token stored in a flow cookie
session_id | Optional FK | Logged in session | Associated login session</description>
    </item>
    <item rdf:about="https://wiki.bristolhackspace.org/projects/member_portal/permissions?rev=1759765716&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2025-10-06T15:48:36+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>Permissions model</title>
        <link>https://wiki.bristolhackspace.org/projects/member_portal/permissions?rev=1759765716&amp;do=diff</link>
        <description>Permissions model

Permissions shall be granted through OAuth scopes or other custom claims. As these claims can sometimes be application specific, a general purpose approach is proposed using Members, Roles and ClaimSets with the following relationships:</description>
    </item>
    <item rdf:about="https://wiki.bristolhackspace.org/projects/member_portal/session?rev=1759870352&amp;do=diff">
        <dc:format>text/html</dc:format>
        <dc:date>2025-10-07T20:52:32+00:00</dc:date>
        <dc:creator>Anonymous (anonymous@undisclosed.example.com)</dc:creator>
        <title>Session management</title>
        <link>https://wiki.bristolhackspace.org/projects/member_portal/session?rev=1759870352&amp;do=diff</link>
        <description>Session management

Sessions will be referenced by long-lived cookies (e.g. 30 days) that get refreshed on use. The session data itself will be stored in a Session table. The currently planned data includes:
Column | Type | Description
id | UUID | Session ID</description>
    </item>
</rdf:RDF>
