The verification service can be configured to display a list of accounts from different types of stores. When using this feature, inviting a user is as easy as clicking a button. There is the option to invite users by sending an email or generating an invitation link that can be distributed via any channel.
The accounts feature has a boolean configuration variable accounts-search that
controls the search capabilities (filtering, sorting) of the accounts data.
# LDAP Integration
The LDAP integration allows the verification service to pull accounts directly from a directory. The LDAP integration supports LDAP and LDAPS protocols and simple authentication.
# No Authentication
./verification \
--accounts ldap \
--accounts-ldap-addr ldap://ldap.example.com:389 \
--accounts-ldap-base-dn dc=example,dc=com
...
# Simple Authentication
./verification \
--accounts ldap \
--accounts-ldap-addr ldap://ldap.example.com:389 \
--accounts-ldap-base-dn dc=example,dc=com \
--accounts-ldap-user user \
--accounts-ldap-pass password \
...
# SSL
./verification \
--accounts ldap \
--accounts-ldap-addr ldaps://ldap.example.com:636 \
--accounts-ldap-base-dn dc=example,dc=com \
--accounts-ldap-certificate $(cat ldap.crt) \
--accounts-ldap-certificate-key $(cat ldap.key)
...
The SSL can be combined with the ‘Simple authentication’ if required.
# Fields Mapping
Objects pulled from the directory are mapped to an internal accounts model. It
needs two fields - id and name. By default, they are mapped to mail and
cn. The mapping can be configured using accounts-ldap-id-attr and
accounts-ldap-name-attr flags respectively.
# Search and Filtering
Which accounts are pulled by the service can be configured by using the
accounts-ldap-filter flag. The value is an LDAP query that will be used for
requests to the directory server. Searching is also supported using a templated
query configured with accounts-ldap-search.
# SQL Integration
The SQL integration allows the verification service to pull accounts from an SQL database. Supported databases are PostgreSQL and MySQL.
./verification \
--accounts postgres \ # or mysql
--accounts-sql postgres://postgres@127.0.0.1:5432 \
...
The table should be created and populated in advance:
CREATE TABLE accounts (
user_id text,
name text
);
# Redis Integration
The Redis integration allows the verification service to pull accounts from a Redis store.
./verification \
--accounts redis \
--accounts-redis :6379 \
--accounts-redis-pass password \
--accounts-redis-db 0 \
...
The accounts data should be populated in advance as hash Redis data structures.
The format of an account data key should be accounts:primary_key and should
contain two fields user_id and name. Here is a sample command to create an
account record:
> hmset accounts:user1@example.com user_id user1@example.com name "User 1"
OK
# API Integration
The API integration allows the verification service to pull accounts from an
API. This API has a predefined interface and it could be authenticated using
Basic Auth. The API should respond to a GET request accepting sort,
direction, offset and limit to support sorting, filtering, and pagination
and response with a list of accounts:
{
"accounts": [
{
"userId": "user1@example.com",
"name": "User 1"
},
{
"userId": "user2@example.com",
"name": "User 2"
}
],
"total": 2
}
The API integration is configured with the --accounts-api-url and
--accounts-basic-auth-secret if required:
./verification \
--accounts api \
--accounts-api-url example.com/accounts \
--accounts-basic-auth-secret secret
...
# In-Memory
The in-memory storage is a static list of accounts. It is loaded in the service
memory on service start. It is configured with the accounts-json flag
formatted as JSON with the following format:
accounts.json
[
{
"userId": "user1@example.com",
"name": "User 1"
},
{
"userId": "user2@example.com",
"name": "User 2"
}
]
./verification \
--accounts memory \
--accounts-json $(cat accounts.json)
...
