About CHALLENGER
----------------


Challenger implements an HTTP server that allows clients to validate
that a user is able to receive TAN codes at a given address using
OAuth 2.0-style authorization.

Envisioned use-cases are KYC checks where a user must prove that they
are able to receive SMS, e-mails or physical mail.


Accountability:
===============

Clients must be registered before they can use the service.  To
initiate an address verification, clients must first set up an
authorization session before directing the user agent towards the
``/login`` endpoint.  The system automatically tracks how many address
verification sessions a particular client has authorized.  This is
expected to be useful in cases where address verifications have
non-negligible cost.  The system also limits how often a user-agent
may change the address per authorization session as well as the number
of times the TAN code is transmitted to each address.  Finally, it
of course also limits the number of times a user may enter a TAN
code.


Time limits:
============

Once authorized, a client has limited time to use the user agent's
authorization code.  The resulting grant also has a limited lifetime
during which the client must download the verified address of the
user.


Flexibility:
============

The actual transmission of the TAN code is done via a separate
program that is simply invoked by the challenger service.  This makes
the code useful for all types of address validations.  Simple shell
scripts are provided for SMS, e-mail and physical address validation.

All user-facing forms are fully customizable and provided as Mustache
templates.  By changing the templates, the look-and-feel of the
service can be freely adapted.


Usability:
==========

Challenger uses a simple REST-based API documented at
https://docs.taler.net/.  The authorization flow is believed
to be fully compatible with OAuth 2.0.


Limitations:
============

Challenger does not include HTTPS support at this time.  While this could
be trivially added, we expect Challenger to be run behind a reverse proxy
that terminates TLS.

At this time, Challenger only works with a Postgres database.  Other database
backends could easily be written in the future.


Installation
============

See INSTALL for generic installation instructions.  In addition,
Challenger requires GNUnet, GNU Taler Exchange, and GNU Taler Merchant
libraries.  If these are installed in a non-standard place, use the
configure script options --with-gnunet=DIR, --with-exchange=DIR, and
--with-merchant=DIR, respectively.

The following are likewise required:

  libmicrohttpd   --with-microhttpd=DIR
  PostgreSQL      --with-postgresql=PATH-TO-PG-CONFIG

Other non-essential dependencies are indicated by --with-FOO
in the "./configure --help" output.


Dependencies:
=============

Build tools for compiling Challenger from source:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

- gcc or clang
- autoconf           >= 2.69        (building from git)
- automake           >= 1.11.1      (building from git)
- recutils           >= 1.0         (building from git)
- libtool            >= 2.2
- makeinfo           >= 4.8
- make[*3]
- pkgconf or pkg-config
- sphinx
- sphinx-rtd-theme
- sphinx-multiversion


Direct dependencies
~~~~~~~~~~~~~~~~~~~

These are the direct dependencies for running Challenger:

- GNU Taler exchange >= 0.14.0
- PostgreSQL         >= 15.0


License:
========

Challenger is released under the Affero GPL v3 or later.

The primary source code is maintained at
https://git.taler.net/challenger.git by the GNU Taler team.
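
The three per-session limits described under "Accountability", modelled as an added example; this is not Challenger's own code. The struct, the function names, the limit values and the choice to reset the send and guess counters whenever the address changes are all assumptions made for illustration.

```c
#include <string.h>
/* Assumed values: the README says these limits exist, not what they are. */
enum { ADDRESS_CHANGES = 3, SENDS_PER_ADDRESS = 2, GUESSES_PER_ADDRESS = 3 };
enum outcome { OK, DENIED, WRONG_TAN, VERIFIED };

struct session { /* hypothetical per-authorization-session state */
  char address[64], tan[16];
  int changes_left, sends_left, guesses_left, verified;
};

void session_init(struct session *s) {
  memset(s, 0, sizeof *s);
  s->changes_left = ADDRESS_CHANGES;
}

/* Submitting an address (the first included) spends one change and issues a
   fresh TAN with fresh per-address counters (the reset is an assumption). */
enum outcome set_address(struct session *s, const char *addr, const char *tan) {
  if (s->verified || s->changes_left == 0 || !tan[0]) return DENIED;
  if (strlen(addr) >= sizeof s->address || strlen(tan) >= sizeof s->tan) return DENIED;
  s->changes_left--;
  strcpy(s->address, addr);
  strcpy(s->tan, tan);
  s->sends_left = SENDS_PER_ADDRESS;
  s->guesses_left = GUESSES_PER_ADDRESS;
  return OK;
}

/* Each (re)transmission to the current address spends one send. */
enum outcome send_tan(struct session *s) {
  if (s->verified || !s->tan[0] || s->sends_left == 0) return DENIED;
  s->sends_left--; /* the service would invoke its sender program here */
  return OK;
}

/* A guess is charged before it is compared, so every wrong guess costs. */
enum outcome check_tan(struct session *s, const char *guess) {
  if (s->verified) return VERIFIED;
  if (!s->tan[0] || s->guesses_left == 0) return DENIED;
  s->guesses_left--;
  if (strcmp(guess, s->tan) != 0) return WRONG_TAN;
  s->verified = 1;
  return VERIFIED;
}

int main(void) { /* constructed run: exhaust the guesses, expect DENIED */
  struct session s; session_init(&s); set_address(&s, "user@example.com", "12345678");
  for (int i = 0; i < GUESSES_PER_ADDRESS; i++) check_tan(&s, "00000000");
  return check_tan(&s, "12345678") == DENIED ? 0 : 1;
}
```

With these assumed values, the total number of TAN guesses in one session is bounded by ADDRESS_CHANGES times GUESSES_PER_ADDRESS, and the number of paid transmissions by ADDRESS_CHANGES times SENDS_PER_ADDRESS.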