Starting over.

2025-11-16 18:36:28 -08:00
parent 22eabe83fc
commit 07a5e957af
52 changed files with 46 additions and 7355 deletions


@@ -3,6 +3,49 @@
MCIAS is the metacircular identity and access system, providing identity and
authentication across the metacircular projects.
The Metacircular Identity and Access System (MCIAS) provides standard
tools for user and access management among metacircular and wntrmute
systems.
Build an authentication service written in Go that I can use with other
apps that I write.
## Specifications
- Applications should be able to either do an interactive login, using a
username/password (and potentially a TOTP), or present a token.
- Applications should be able to renew the token, which would nominally
expire after some period (defaulting to maybe 30 days).
- There are two kinds of users: human and system accounts.
- System accounts can only present a token; they have a single token
associated with that account at a time.
- User accounts have roles associated with them.
- Users with the admin role can issue tokens for any app, or users with
the role named the same as a service account can issue tokens for that
service account.
- Admin users can also revoke tokens for a service account.
- Service accounts (and users with the a role named the same as the
service account) can also retrieve Postgres database credentials for
the service account.
## Technical details
- User passwords will be stored using scrypt.
- The service account tokens and user/password authentication can be
used to obtain a JWT, if that is appropriate.
- All authentication events should be logged.
- This service should use the packages contained in
git.wntrmute.dev/kyle/goutils for logging etc.
## Interfaces
- The primary interface will be an REST API over HTTPS. TLS security is
critical for this.
- There should be two command line tools associated with MCIAS:
- mciassrv is the authentication server.
- mciasctl is the tool for admins to create and manage accounts, issue
or revoke tokens, and manage postgres database credentials.
## Structure
+ The system should be runnable through a cobra CLI tool, with
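Review bot: the added Specifications section leaves the token lifecycle half-specified: renewal is covered ("Applications should be able to renew the token, which would nominally expire after some period (defaulting to maybe 30 days)"), but revocation is only defined for service accounts ("Admin users can also revoke tokens for a service account"), so nothing states how a human user's token is invalidated before expiry (for example after a password change), and nothing states how tokens are stored at rest. Suggest adding a bullet under Specifications that user tokens can be revoked by the owning user or an admin, and one under Technical details that only a hash of each issued token is persisted, in line with the scrypt treatment already given to passwords. Minor: the new description paragraph ("The Metacircular Identity and Access System (MCIAS) provides standard tools ...") duplicates the existing context paragraph kept just above it, and "the a role" and "an REST API" are typos.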