# Invitations
One of the main features of the verification service is to generate invitations
that can be distributed in different ways. Invitations are in the form of an URL
hence they can be distributed using email, instant messaging, QR code, etc. The
domain flag is used to add a public address for the invitation link. An
invitation has a default validity but that can be changed by using the
validity flag.
# Storage
By default invitations storage is in-memory. It can be changed to an SQL
back-end by setting the invitations-storage variable to either postgres or
mysql. The connection string is in the
engine://user:pass@address:5432/database format (for example
postgres://postgres@127.0.0.1:5432/verification) and it is configured with the
invitations-storage-sql flag. The database table is specified with the
invitations-storage-relation flag.
./verification \
--invitation-storage postgres \
--invitation-storage-sql postgres://postgres@127.0.0.1:5432 \
--invitation-storage-relation invitations
...
Table should be created in advance:
CREATE TABLE invitations (
user_id text,
code text,
expiration integer,
status text
);
Invitations also could be stored in Redis. Then the
invitations-storage variable should be set to redis and configured by
invitation-storage-redis, invitation-storage-redis-pass and
invitation-storage-redis-db properties.
./verification \
--invitation-storage redis \
--invitation-storage-redis :6379 \
--invitation-storage-redis-pass password \
--invitation-storage-redis-db 0 \
...
The invitation feature has a boolean configuration variable
invitation-storage-search that controls the search capabilities (filtering,
sorting) of the invitations data.
The verification service supports sending invitations as an email. This is
configured using enable-email-invitations, email-template, email-sender,
smtp-user, smtp-password, smtp-port, and smtp-server. The email template
is configured using the
Golang templating engine.
# Email template context
SenderRecipientInvitationLink
# Authentication
The authentication for the Administrative functions is implemented using OIDC.
Any OpenID Connect Identity Provider can be used for admin authentication by
using oidc-issuer, oidc-client-id, oidc-client-secret, and
oidc-redirect-url flags.
# Storage
By default the session storage is in-memory. It can be changed to an SQL
back-end by setting the session-storage variable to either postgres or
mysql. The connection string is in the
engine://user:pass@address:5432/database format and it is configured with the
session-storage-sql flag.
./verification \
--session-storage postgres \
--session-storage-sql postgres://postgres@127.0.0.1:5432/verification
...
Table should be created in advance:
CREATE TABLE sessions (
id varchar(36),
user_id text,
expiration int
);
Another option for the sessions is to be stored in Redis.
To achieve this, the variable session-storage-redis should be set to redis
and session-storage-redis, session-storage-redis-pass and
session-storage-redis-db should be configured with the Redis configuration
data respectively.
./verification \
--session-storage redis \
--session-storage-redis :6379 \
--session-storage-redis_pass password \
--session-storage-redis_db 0 \
...
# Authorization
Authorized users are configured using the authorized-users flag as a
comma-separated values. Users are defined with the id type of the identity
provider used for authentication.
./verification \
--authorized-users admin1@example.com,admin2@example.com \
...
