NASS' STV System - Naflows/naflows-auth GitHub Wiki
NASS' Secure Token Verification System
About
This is the third and last step of the NASS Verification Process. The whole point of this process is to make sure the connection to the service is secure enough before forwarding the request to the corresponding API. Tokens are another layer of authentication and also serve to confirm that the user is allowed to send the request.
Important notice
Production will include a notification to users whenever a token is renewed.
.env variables
The following variables are used in the STV process.
Variable | Type | Usage | Default value |
---|---|---|---|
STV_MINIMAL_TIMEOUT_MIN | number | Minimum time a token is frozen for (in seconds) | 1 |
STV_MINIMAL_TIMEOUT_MAX | number | Maximum time a token is frozen for (in seconds) | 5 |
STV_MAXIMAL_USE_RATES | number | Maximum number of uses for a token before it has to be renewed | 100 |
Error codes
The following error codes are the ones that can be returned by the NASS during the STV:
Code | Message | Reason |
---|---|---|
200 | New session token created successfully. | A new token is issued when a session is renewed via the SSV |
200 | STV Process completed successfully. | Self-explanatory |
200 | Token use updated successfully. | Token has successfully been updated after the STV process |
200 | Token is valid. | Self-explanatory |
200 | Token renewed successfully. | Self-explanatory |
200 | Token rights checked successfully. | Self-explanatory |
201 | Token created successfully. | Self-explanatory |
400 | Token not found. | Provided token ID / value does not exist |
401 | Invalid token or credentials provided. | Self-explanatory |
401 | Invalid credentials provided. | Self-explanatory |
401 | Token is outdated or invalid. | Self-explanatory |
401 | Renewal token is invalid or not provided. | Renewal token value is incorrect for user's rights token renewal |
401 | Token is expired or has reached its maximum uses. Please log in again. | Sending renewal token if the token is outdated / invalid. |
403 | Insufficient rights to access this route. | Self-explanatory |
404 | Session not found. | Self-explanatory |
404 | User not found. | Self-explanatory |
404 | Route not found. | Self-explanatory |
429 | Token is frozen. | The requested token has been frozen by the NASS. Returns a retry_after value |
500 | Failed to update token use: [reason] | The token use update after the STV process did not complete correctly |
500 | Internal server error: collections not found. | Self-explanatory |
500 | Invalid timeout configuration. | The .env variables for the freezing process are incorrectly defined |
500 | An error occurred while updating the token use: [message] | Self-explanatory |
500 | An error occurred while creating the token: [message] | Self-explanatory |
500 | Failed to delete the old token. | Self-explanatory |
500 | Failed to disable the token. | Failed to disable the outdated token |
500 | Failed to fetch routes rights. | Self-explanatory |
500 | An error occurred while checking token rights: [message] | Self-explanatory |
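
An added sketch, not code from naflows-auth, of how the three .env variables and the 429, 401 and 500 responses listed above could fit together on the server side. The token shape, the uniform choice of freeze length and a retry_after expressed in seconds are assumptions; only the variable names, defaults and messages come from this page.

```javascript
// Added example, not naflows-auth code. Only the three STV_* names, their
// defaults and the response messages come from the wiki; the rest is assumed.
const DEFAULTS = {
  STV_MINIMAL_TIMEOUT_MIN: 1,   // seconds
  STV_MINIMAL_TIMEOUT_MAX: 5,   // seconds
  STV_MAXIMAL_USE_RATES: 100,   // uses before renewal
};

// Read the variables from an env-like object, using the documented defaults.
function loadStvConfig(env) {
  const cfg = {};
  for (const [name, fallback] of Object.entries(DEFAULTS)) {
    const raw = env[name];
    cfg[name] = raw === undefined || raw === "" ? fallback : Number(raw);
  }
  return cfg;
}

// Returns null when the freeze window is usable, else the documented 500.
function validateTimeouts(cfg) {
  const min = cfg.STV_MINIMAL_TIMEOUT_MIN;
  const max = cfg.STV_MINIMAL_TIMEOUT_MAX;
  const ok = Number.isFinite(min) && Number.isFinite(max) && min >= 0 && max >= min;
  return ok ? null : { status: 500, message: "Invalid timeout configuration." };
}

// Assumption: the freeze length is drawn uniformly from [MIN, MAX] seconds.
function pickFreezeSeconds(cfg, rand = Math.random) {
  const span = cfg.STV_MINIMAL_TIMEOUT_MAX - cfg.STV_MINIMAL_TIMEOUT_MIN;
  return cfg.STV_MINIMAL_TIMEOUT_MIN + rand() * span;
}

// token = { uses, frozenUntilMs } is a constructed shape; nowMs is epoch ms.
function checkToken(token, cfg, nowMs) {
  const bad = validateTimeouts(cfg);
  if (bad) return bad;
  if (token.frozenUntilMs > nowMs) {
    // Assumption: retry_after is expressed in whole seconds.
    const retry_after = Math.ceil((token.frozenUntilMs - nowMs) / 1000);
    return { status: 429, message: "Token is frozen.", retry_after };
  }
  // Negated comparison so that a NaN limit fails closed instead of open.
  if (!(token.uses < cfg.STV_MAXIMAL_USE_RATES)) {
    return { status: 401, message:
      "Token is expired or has reached its maximum uses. Please log in again." };
  }
  return { status: 200, message: "Token is valid." };
}
```

Validating the freeze window at load time as well as per request lets a misconfigured deployment fail at startup rather than on the first token check.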