The login sequence is a bit convoluted due to security considerations.
Knowd login sequence diagram:
- TWiki sends login screen to the browser.
- The login screen does an Ajax call to the Knowd ID server requesting a claim ticket.
- The Knowd ID server returns a one-time-use claim ticket.
- The login screen sends an Ajax request to the TWiki server, passing along the claim ticket.
- The TWiki server sends a device ID request to the Knowd ID server, passing along the claim ticket.
- The Knowd ID server returns the ID and score of the device (for example, the browser).
- The TWiki server responds to the browser's Ajax call with the device ID and score. If the score is above a set threshold and the device is registered, it also returns a magic number.
- If the magic number is received, the login screen redirects to the TWiki server, requesting the login screen and passing along the magic number.
- The TWiki server handling the login screen checks for the magic number parameter. If the magic number exists and is correct, TWiki logs in the user associated with the device and redirects to the view script.
The login method in the TWiki::LoginManager::KnowdLogin module generates the login screen with the JavaScript code that does the Ajax calls.
The TWiki::Plugins::KnowdLoginPlugin::Core module handles the KNOWD TWiki variable, which manages the device IDs. It also handles the magic number.
The KNOWD TWiki variable supports these parameters:
1. action="checkid" id="..."
Request the device ID from the Knowd ID server. The id parameter is the claim ticket. This calls the Knowd ID server at https://id.wave.com/upi/willcall/claim?ticket=... A JSON response might look like:
{"message":"", "result":"OK", "info":"{\"id\":\"a27d00fc-d4f4-4ac1-9a20-dd748d0c2954\", \"score\":244, \"needsSetup\":false, \"setupURL\":null}"}
2. action="getdevices" user="..."
Returns the list of device IDs associated with a user. Specify the WikiName of the user. This also sets SpreadSheetPlugin hashes that can be retrieved as follows:
- $GETHASH(knowd-login, id) - login name associated with device ID
- $GETHASH(knowd-wikiname, id) - WikiName associated with device ID
- $GETHASH(knowd-name, id) - device name
- $GETHASH(knowd-score, id) - device score
- $GETHASH(knowd-atime, id) - last login date (epoch time format)
- $GETHASH(knowd-rtime, id) - date of registration (epoch time format)
This is used to populate the device table at KnowdDeviceManager.
3. action="registerdevice" id="..." name="..." user="..."
Register a device by ID. The name and user are required. Only the device owner or an administrator can register a device.
4. action="deregisterdevice" id="..." user="..."
De-register a device by ID. The user is required. Only the device owner or an administrator can de-register a device.
The plugin stores device data in the plugin's working directory at twiki/working/work_areas/KnowdLoginPlugin. Each device is represented by a file named id-<device-id>.txt, such as id-3b9d59a5-4452-48fe-8197-b36bc6127f2c.txt. Sample content:
atime: 1394694634
login: JimmyNeutron
magic:
name: iPhone
rtime: 1394694634
score: 244
wikiname: JimmyNeutron
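
The server-side decisions in the login sequence above (parsing the claim response, the threshold and registration check, and the magic number check) can be sketched as follows. This is an added Python example, not the plugin's own Perl code. The threshold value, the random single-use magic number, the device ID being passed along with it, and all function names are assumptions.

```python
import hmac
import json
import secrets

SCORE_THRESHOLD = 200  # assumed value; the page only says "a set threshold"
DEVICE_ID = "a27d00fc-d4f4-4ac1-9a20-dd748d0c2954"
# Constructed registry with two of the fields from an id-<device-id>.txt file.
DEVICES = {DEVICE_ID: {"login": "JimmyNeutron", "magic": ""}}
# The sample claim response from the page: "info" is a JSON string inside JSON.
SAMPLE = (r'{"message":"", "result":"OK", "info":"{\"id\":\"' + DEVICE_ID +
          r'\", \"score\":244, \"needsSetup\":false, \"setupURL\":null}"}')

def parse_claim_response(body):
    """Return (device_id, score) from a claim response, or None if unusable."""
    try:
        outer = json.loads(body)
        if outer.get("result") != "OK":
            return None
        info = json.loads(outer["info"])  # second decode for the nested string
        device_id, score = info["id"], info["score"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if not isinstance(device_id, str) or type(score) is not int:
        return None
    return device_id, score

def issue_magic(body):
    """Return a fresh magic number only for a registered device above threshold."""
    parsed = parse_claim_response(body)
    if parsed is None:
        return None
    device_id, score = parsed
    device = DEVICES.get(device_id)
    if device is None or score <= SCORE_THRESHOLD:
        return None
    device["magic"] = secrets.token_urlsafe(32)  # assumed: random, stored per device
    return device["magic"]

def redeem_magic(device_id, presented):
    """Return the login to sign in, consuming the stored magic number."""
    device = DEVICES.get(device_id)
    if device is None or not device["magic"] or not presented:
        return None
    ok = hmac.compare_digest(device["magic"].encode(), presented.encode())
    device["magic"] = ""  # single use: cleared even after a failed attempt
    return device["login"] if ok else None
```

Clearing the stored value on every redemption attempt means a wrong guess invalidates the pending login, so the browser has to start again with a new claim ticket.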