fossasia/susi_server

Authentication on device - config.json and remote susi.ai

Opened this issue · 1 comments

Hi @Orbiter

During today's SUSI.AI meeting we discussed how authentication between the local (on device server) and the susi.ai auth service should be connected.

First the current status:

  • during initial setup of the device (and hopefully soon also via the device configuration page) the user can set the smart speaker in anonymous or authenticated mode, and in the latter case add email/pass which are saved in the json.config on the device.
  • If authenticated, the ss-login-service logs into the remote api already automatically and does device registration etc.

It would be great if:

  • the on-device susi-server picks up that user/pass and automatically is configured also into logged-in state, probably checking back with susi api server (?)
  • otherwise, the susi server on device should be able to allow logins via callback back to the main api server, or we should be able to put the on device susi server into local authentication mode (no connection to API at all) or net authentication mode (authentication against susi.ap web)

What do you think about that?

Best

We do not store passwords on the server, only password hashes. If we want that the susi_server may be a client to another susi_server and authenticates through the existing endpoint, then the as-client operating susi_server would need to store passwords in clear text. That is not what we want.

Here we need a different server-to-server handshake and I currently don't know what the appropriate approach would be.