At_onboarding_cli: A Library to Authenticate and onboard AtSigns

at_onboarding_cli

Introduction

at_onboarding_cli is a library to authenticate and onboard atSigns.

Get Started

To add this package as the dependency in your pubspec.yaml

dependencies:
  at_onboarding_cli: ^1.0.0

Getting Dependencies

dart pub get

To import the library in your application code

import 'package:at_onboarding_cli/at_onboarding_cli.dart';

Usage

Use cases for at_onboarding_cli:
1) Authentication
2) Onboarding

Setting valid preferences:

isLocalStorageRequired needs to be set to true as AtClient now needs a local secondary in order to work.
As a result of Step 1, one also needs to provide commitLogPath and hiveStoragePath.
One must set the namespace variable to match the name of their app.
atKeysFile path should contain the file name.
downloadPath should only contain name of the directory where the .atKeysFile is expected to be generated.

Set AtOnboardingPreference to your preferred settings. These preferences will be used to configure the AtOnboardingService.

  AtOnboardingPreference atOnboardingPreference = AtOnboardingPreference()
        ..rootDomain = 'root.atsign.org
        ..qrCodePath = 'storage/qr_code.png'
        ..hiveStoragePath = 'storage/hive'
        ..namespace = 'example'
        ..downloadPath = 'storage/files'
        ..isLocalStoreRequired = true
        ..commitLogPath = 'storage/commitLog'
        ..cramSecret = '<your cram secret>'
        ..privateKey = '<your private key here>'
        ..atKeysFilePath = 'storage/alice_key.atKeys';

Authentication:

Proving that one actually owns the atSign. User needs to authenticate before performing operations on that atSign. Operations include reading, writing, deleting or updating data in the atsign's keystore and sending notifications from that atSign.

Steps to Authenticate

Import at_onboarding_cli.
Set preferences using AtOnboardingPreference. Either of secret key or path to .atKeysFile need to be provided to authenticate.
Instantiate AtOnboardingServiceImpl using the required atSign and a valid instance of AtOnboardingPreference.
Call the authenticate method on AtOnboardingService.
Use getAtLookup/getAtClient to get authenticated instances of AtLookup and AtClient respectively which can be used to perform more complex operations on the atSign.

AtOnboardingService atOnboardingService = AtOnboardingServiceImpl('@alice', atOnboardingPreference);
atOnboardingService.authenticate();
AtClient? atClient = await atOnboardingService.getAtClient();
AtLookup? atLookup = atOnboardingService.getAtLookup();

Onboarding:

Performing initial one-time authentication using cram secret encoded in the qr_code. This process activates the atSign making it ready to use.

Steps to onboard:

Import at_cli_onboarding.
Set preferences using AtOnboardingPreference. Either of cram_secret or path to qr_code containing cram_secret need to be provided in order to activate the atSign.
Setting the download path is mandatory in AtOnboardingPreference in order to save the .atKeysFile which contains necessary keys to authenticate.
Instantiate AtOnboardingServiceImpl using the required atSign and a valid instance of AtOnboardingPreference.
Call the onboard on AtOnboardingServiceImpl.
Use getAtLookup/getAtClient to get authenticated instances of AtLookup and AtClient respectively which can be used to perform more complex operations on the atSign.

AtOnboardingService atOnboardingService = AtOnboardingServiceImpl('@alice', atOnboardingPreference);
atOnboardingService.onboard();
AtClient? atClient = await atOnboardingService.getAtClient();
AtLookup? atLookup = atOnboardingService.getAtLookup();

Please refer to example for more details.

Open source usage and contributions

This is freely licensed open source code, so feel free to use it as is, suggest changes or enhancements or create your own version. See CONTRIBUTING.md for detailed guidance on how to setup tools, tests and make a pull request.

Use this package as a library

Depend on it

Run this command:

With Dart:

 $ dart pub add at_onboarding_cli

With Flutter:

 $ flutter pub add at_onboarding_cli

This will add a line like this to your package's pubspec.yaml (and run an implicit dart pub get):

dependencies:
  at_onboarding_cli: ^1.1.1

Alternatively, your editor might support dart pub get or flutter pub get. Check the docs for your editor to learn more.

Import it

Now in your Dart code, you can use:

import 'package:at_onboarding_cli/at_onboarding_cli.dart';

example/example.dart

import 'package:at_lookup/at_lookup.dart';
import 'package:at_onboarding_cli/at_onboarding_cli.dart';

Future<void> main() async {
  //onboarding preference builder can be used to set onboardingService parameters
  AtOnboardingPreference atOnboardingPreference = AtOnboardingPreference()
    ..qrCodePath = 'storage/qr_code.png'
    ..hiveStoragePath = 'storage/hive'
    ..namespace = 'example'
    ..downloadPath = 'storage/files'
    ..isLocalStoreRequired = true
    ..commitLogPath = 'storage/commitLog'
    ..cramSecret = '<your cram secret>'
    ..privateKey = '<your private key here>'
    ..atKeysFilePath = 'storage/alice_key.atKeys';
  AtOnboardingService? onboardingService =
      AtOnboardingServiceImpl('your atsign here', atOnboardingPreference);
  await onboardingService.onboard();
  AtLookUp? atLookup = onboardingService.getAtLookup();
  print(await atLookup?.scan(regex: 'publickey'));
  //free the object after it's used and no longer required
  onboardingService = null;
}

Download Details:

Author: Atsign-foundation
Source Code: https://github.com/atsign-foundation/at_libraries/
License: BSD-3-Clause license

#flutter #dart #cli

What is GEEK

Buddha Community

At_onboarding_cli: A Library to Authenticate and onboard AtSigns

German Donnelly

1592807820

How To Set Up Two-Factor Authentication in cPanel

What is 2FA
Two-Factor Authentication (or 2FA as it often referred to) is an extra layer of security that is used to provide users an additional level of protection when securing access to an account.
Employing a 2FA mechanism is a vast improvement in security over the Singe-Factor Authentication method of simply employing a username and password. Using this method, accounts that have 2FA enabled, require the user to enter a one-time passcode that is generated by an external application. The 2FA passcode (usually a six-digit number) is required to be input into the passcode field before access is granted. The 2FA input is usually required directly after the username and password are entered by the client.

#tutorials #2fa #access #account security #authentication #authentication method #authentication token #cli #command line #cpanel #feature manager #google authenticator #one time password #otp #otp authentication #passcode #password #passwords #qr code #security #security code #security policy #security practices #single factor authentication #time-based one-time password #totp #two factor authentication #whm

Alice Cook

1615441648

Fix: Gmail Authentication Problems | Gmail 2-step Verification Bypass (2020-21)

An Gmail authentication error occurs when an account’s owner is unable to verify themselves; Gmail perceives it to be a threat to the account and its privacy, so it shows an authentication error. This can occur due to multiple reasons; entering the wrong password, using the wrong server port, and disabled IMAP on Gmail. You will find solutions to fix Gmail authentication problems in this Video. Additionally, you will find ways for Gmail 2-step verification bypass.
Visit: https://contactforhelp.com/gmail/

#gmail authentication error #gmail two factor authentication #gmail 2 step authentication #gmail authentication failed #gmail authentication problems #gmail 2 step verification bypass

Chaz Homenick

1599056059

Google's Authenticator App Explained and Reviewed

Such a cool-sounding term, I had to find out its meaning and purpose. So here is the story.

Let’s take the story step-wise. You should have heard by now of 2-FA, two-factor authentication. The base idea is pretty simple. Apart from just the password, many of the websites might be sending you an OTP on the phone to grant access. That summarises the two factors. Your password is factor one, and possession of your phone number is factor 2. But just for curious people, I will share some knowledge.

Multi-Factor Authentication

In information security, we have three main pillars to verify someone’s identity.

**Knowledge: **Something only the user knows
**Possession: **Something only the user has
Inherence: Something only the user is

Withdrawing money from ATM checks _possession _of ATM card and knowledge of the PIN. Encashing a cheque checks possession of the cheque book and inherence to the user’s signature. Attendance in my college lectures needs inherence to fingerprint and possession of the ID card. Writing proxy attendance in attendance sheet requires knowledge of friend’s roll number and _inherence _of the fake signature of your friend. You get the idea where it’s going.

Two-Factor authentication, as most of the examples above, is about combining the methods from 2 separate domains. It is different from Two-Step authentication, which can be just a password and a pin, both from the _knowledge _domain.

Where does Google Authenticator come in?

Many secure websites recommend, even enforce you, to use such two factors. More than often, the possession part is your phone number.

But waiting for OTP can be troublesome, especially in a place with poor networking. Many people may be stuck in places that do have good WiFi, internet connectivity but horrible cellular coverage. Like any place in the new CSE building of my college or even Chhatrapati Shivaji Maharaj International Airport in rush hours.

Why so many worries, right? If we just wanted to prove the possession of something, can’t we show the possession of our phone? Something that we always have. And more than often is the device we are using to log in to the website. This is the idea behind Google Authenticator.

How does it work?

At the time of first account creation, if you choose the authenticator app option in the available list, they will provide you with a QR code, which is the main secret that will remain shared between your phone and the website. You should print this QR code and keep it hidden in your cupboard or somewhere you can be safe about. Why? We will come to that later.

Ease of use

This secret that is shared through QR is more than often 16+ length of a random string. So are you supposed to type in every time? That will not only make it tough but also make the string knowledge than possession.

Instead, what the app does for you is taking this secret key and the current time as inputs, it generates a new OTP for you which is a 6–8 digit number that you can type in. This OTP is regenerated in 30 seconds and older OTP expires.

A Cyber hacker has to guess the OTP in a small time window. Anything later than that and the OTP will expire. This will not only prevent the entry but also warn the user through email about his password being compromised.

#two-factor-authentication #multifactor-authentication #google-authenticator #android #password-manager #authentication #technology #hackernoon-top-story

I am Developer

1602036957

Laravel 8 REST API Authentication with Passport Example Tutorial

Laravel 8 rest api authentication with passport tutorial, you will learn step by step how to create rest API with laravel 8 passport authentication. And as well as how to install and cofigure passport auth in laravel 8 app.

Laravel 8 API Authentication with Passport Tutorial

Step 1: Download Laravel 8 App
Step 2: Database Configuration
Step 3: Install Passport Auth
Step 4: Passport Configuration
Step 5: Run Migration
Step 6: Create APIs Route
Step 7: Create Passport Auth Controller
Step 8: Now Test Laravel REST API in Postman

https://www.tutsmake.com/laravel-8-rest-api-authentication-with-passport/

#laravel api authentication with passport #laravel 8 api authentication #laravel 8 api authentication token tutorial #laravel 8 api authentication using passport #laravel 8 api authentication session

Hunter Krajcik

1660433400