Define API
We should get started by defining the API that will be used by PHP frameworks that embed this library. Once we have that nailed we will have a perfect interface that just requires some meet to fill the gaps.
Pre-requisites
- PHP 5.6+ or 7.0+
- Support https only
- PSR compliance
- Composer compatible but usable without composer as well
Glossary
SQRL ID: the ID managed by the SQRL client
SQRL: class representing the nonce with all its details
Client: class that implements all methods that interact with the SQRL client
Account: class that represents a user account.
Operation: things that can be done with SQRL and need application specific implementation, examples are registration, login, etc. but should be extensible.
Settings
- Mode: SQRL is optional or required
- Multiple sessions support
- Multiple account support
- Multiple SQRL IDs per account support
- Poll interval
- initial
- subsequent
- SQRL logo size
- QR code size
- Account name pattern (when they need to be auto generated), including the length of some random parts in the name
- Domain migration
- Request client-generated secret
- Server Friendly Name (default to domain name?)
Routing
- Markup: request to provide the markup for a SQRL in the browser
- Response for JavaScript support enabled (with polling)
- Response for non-JavaScript support
- Image: SQRL QR code representing the nut
- Polling: while the image is displayed, poll if the SQRL client has authenticated this identity
- Submit endpoint for the form of non-JS-support
- Form to create new account
- Form to select account if multiple available
- Form to link SQRL ID to existing account
- Form to confirm unlink operation
- SQRL QR code with old domain name for domain migration
Boilerplate
Images (logo, etc.) and strings should be provided by the library so that they are consistent across platforms. But that also requires a localisation interface such that not the platform is responsible for it but the library provides the strings for all supported languages.
Callbacks
Messaging
Logging
Debugging
Access Control
- For each operation
Operations
- Register
- Login
- Link: link an existing account to your SQRL ID
- Unlink
- Lock/Unlock/Rekey
- Disable non-SQRL login
- Negotiate client-generated secret key
- Generate token for shared access
- Associate SQRL ID with token to account
- Verify associated token for shared access to account
Account management
- Create new account
- Block and unblock account
- Manage shared IDs
- Delete account