Attention: This is a hobby project for getting more used to Go programming. It is not intended to be used in a production environment without taking further security-related steps.
How it works
tinymfa connects to a postgres database and creates the required table structures. Then, it generates a root encryption key and access token. The encryption key is stored on the filesystem.
When creating an issuer, a new encryption key is generated, encrypted with the root encryption key and then stored in the database. An access token unique to this issuer is generated as well.
When creating a user below an issuer, a new secret key is generated and encrypted with the issuer encryption key.
The API offers an endpoint to generate a QR code for a user. Use this to let the user register their secret key in an authenticator app.
The API offers an endpoint to validate a token. Send the token to the API interface using an HTTP POST request. The resulting JSON object contains the boolean result of the validation.
tinymfa can be configured to validate access to its resources. Once activated, tinymfa checks for the presence of the HTTP header 'tiny-mfa-access-token'. Its value must be either the root token created on installation or the issuer token presented upon issuer creation.
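The key hierarchy described above (the root key wraps each issuer key, the issuer key wraps each user secret), as an added example that is not tinymfa's own code. AES-256-GCM, the `wrap`/`unwrap` helpers and the `issuer:`/`user:` labels are assumptions; the page does not say which cipher or storage format tinymfa uses.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmFor builds the AEAD for a key; a 32-byte key selects AES-256-GCM (assumed cipher).
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrap returns nonce||ciphertext of secret under key; label is bound as associated data.
func wrap(key, secret []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, secret, []byte(label)), nil
}

// unwrap reverses wrap; it fails on a wrong key, a wrong label or a modified blob.
func unwrap(key, blob []byte, label string) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("invalid key length or truncated blob")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, blob[:n], blob[n:], []byte(label))
}

func main() {
	root := []byte("constructed-root-key-32-bytes!!!")      // constructed; kept on the filesystem
	issuerKey := []byte("constructed-issuer-key-32-bytes!") // constructed; real keys are random
	dbIssuer, _ := wrap(root, issuerKey, "issuer:acme")     // what the issuer row would hold
	dbUser, _ := wrap(issuerKey, []byte("user-totp-secret"), "user:acme/alice")
	k, _ := unwrap(root, dbIssuer, "issuer:acme") // only possible with the root key
	secret, err := unwrap(k, dbUser, "user:acme/alice")
	fmt.Printf("%s %v\n", secret, err)
}
```

A database dump alone yields only wrapped blobs; recovering any user secret also requires the root key file, which is why that file needs stricter protection than the database.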
System Configuration and Audit
Return audit entries
Return current system configuration
Updates the system configuration
payload: Update system configuration
The port to run on. Requires a restart!
How many times a user is allowed to enter a wrong token before validation is no longer allowed for the given message. This is to defeat brute-force attacks.
Whether to verify that the tiny-mfa-access-token header is set and contains a valid token.