/auth

OAuth2 based banking API for accessing transaction data


Welcome to the Pennyminder Auth project!

  Pennyminder Auth is a simple Ruby on Rails 3.0 web application that financial institutions
  can run and host to provide authentication services to third-party applications.
  Auth authorizes those applications using the OAuth2 protocol (an emerging standard at
  the time of writing).

  It is an Open Source project under the terms and conditions of the New BSD License.

Why Pennyminder Auth?

  Why would you need to offer such a service?  Initially, Pennyminder Cashbook
  (our white-label PFM solution) would be the primary consumer of such
  authentication services (and we would really appreciate it if you were to
  take a look at our hosted PFM offering at http://www.pennyminder.com/ :).

  But beyond PFM, we see it as an enabling technology. A standardized authentication
  service would allow you to easily build and deploy additional consumer-facing
  applications in a safe and secure way. And by using open standards such as OAuth2,
  Juno allows those applications to be built using whatever technologies make sense
  for them.

Dependencies

  MongoDB (required by https://github.com/flowtown/rack-oauth2-server)
  JRuby 1.6.4 or Ruby 1.9.2 (Out of the box, Juno expects to be run under JRuby)

  Auth uses the following gems (and there should be some familiarity with them):

   - Devise
   - OmniAuth
   - rack-oauth2-server

Getting Started

  0) Edit config/database.yml
  1) Create databases
  2) Run migrations
  3) Run the server (jruby -S trinidad, or rails s). By default it loads the
     config/samplefi/config.rb configuration file.  To run the server with a
     different configuration file, point FICONFIG at it:

       FICONFIG=/path/to/config.rb jruby -S trinidad (or rails s)

Create first admin account

  4) Create a user at http://localhost:3000/users/sign_up and confirm the
     account (the confirmation URL is written to the logs, and to your inbox
     too if mail delivery is configured)
  5) rails console
  6) u = User.find(1)
  7) u.has_role!(:admin)

  Subsequent users can be turned into admins on the administrators
  page.

  Note, in case it's not clear, end users do NOT have accounts on
  this service.  End users are authenticated (using a custom OmniAuth
  Strategy) against the core banking system.  See lib/coreauth.rb

Implementing for your financial institution

  We've tried to make this as turnkey as possible, but there are a few
  things you will need to do to integrate with your organization.

    1) Setup local configuration
    2) Theme the member login page
    3) Implement an 'AuthClient' to interact with the host system

  Start by copying the sample configuration in config/samplefi/* into a new
  folder.  Take a look at the files. The config.rb file is commented.

  Next you should look at the FinancialInstitutionConfig class and modify
  it to suit your needs.

  Lastly you will need to implement an 'authclient' class that talks
  to the core banking system to authenticate end users.  There is a
  Java example in classes/MockAuthClient.java and an unfinished Ruby
  example near the top (in the rescue block) of config/samplefi/config.rb

  We have an auth client available for ISO8583 based core banking systems
  (sadly, not open source).
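  As an added illustration (not the project's own code, and not the
  interface of classes/MockAuthClient.java or lib/coreauth.rb, which you
  should read for the real contract), here is a self-contained mock
  AuthClient in Ruby.  It assumes the OmniAuth strategy calls
  authenticate(member_id, password) and expects a Hash of member
  attributes on success or nil on failure.  The member directory, the
  member ids and the passwords are constructed sample data standing in
  for the core banking system; a real client would hand the credentials
  to the core (for example over ISO8583) and never hold a password store
  of its own.

```ruby
require 'openssl'

# Hypothetical mock AuthClient (added example, not project code).
# Assumed contract: authenticate(member_id, password) -> Hash or nil.
class MockAuthClient
  MAX_FAILURES = 5        # lock the member after this many bad passwords
  ITERATIONS   = 20_000   # PBKDF2 work factor for the constructed store

  def initialize
    @failures = Hash.new(0)
    # Constructed sample directory: member_id => record. Only salted
    # PBKDF2 digests are kept, never the clear-text passwords.
    @members = {
      '100200' => record('Alice Example', 'correct horse battery staple'),
      '100201' => record('Bob Example',   'hunter2'),
    }
    # Dummy record used for unknown ids so that a lookup miss costs the
    # same time as a real password check (no member-id enumeration by timing).
    @unknown = { name: nil,
                 salt: OpenSSL::Random.random_bytes(16),
                 digest: OpenSSL::Random.random_bytes(32) }
  end

  # Returns the attributes the OmniAuth strategy would put in its auth hash,
  # or nil. The returned Hash deliberately carries no secret material.
  def authenticate(member_id, password)
    member_id = member_id.to_s
    return nil if locked?(member_id)
    rec = @members.fetch(member_id, @unknown)
    ok = secure_compare(derive(password, rec[:salt]), rec[:digest]) &&
         !rec.equal?(@unknown)
    if ok
      @failures.delete(member_id)
      { uid: member_id, name: rec[:name] }
    else
      @failures[member_id] += 1
      nil
    end
  end

  def locked?(member_id)
    @failures[member_id.to_s] >= MAX_FAILURES
  end

  private

  def record(name, password)
    salt = OpenSSL::Random.random_bytes(16)
    { name: name, salt: salt, digest: derive(password, salt) }
  end

  def derive(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new('SHA256'))
  end

  # Constant-time comparison so a timing side channel cannot reveal how
  # many leading bytes of the digest matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

  Two things to carry over into a real client: never log or return the
  password (the OmniAuth strategy only needs the member attributes), and
  make the failure paths (unknown id, wrong password, locked account) look
  identical to the caller, which is why each of them returns nil.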

  That should get you started, let support@pennyminder.com know if you
  have any questions.

Need Help?

Service, Support, Training and Custom Development are available from Sourdough Labs
Research and Development Corp.  Email Vince Hodges at support@pennyminder.com.

Thanks to our sponsor!

A great deal of the work on this project was sponsored by our first client and this project
would not exist if it wasn't for their help and support.