The purpose of this application will be as a replacement for TUSC, a long-deprecated user verification service. It will allow a TUSC-tool to verify the identity of the user via OAuth. Personally, this allows two of my tools to continue to function with minimal disruption.
The process will be as follows:
1) The user accesses an application which contains an iframe to /magog/identity/start.php
2) The iframe displays text indicating that the user has not authorized the application, with instructions on how to proceed.
3) The user clicks to authorize the application.
4) The user is sent to /magog/identity/complete.php, which sets a cookie scoped to the labs root (/).
* If the user selects "remember this computer for 30 days", the cookie will be set to expire after 30 days. An encrypted token will be stored by the tool for 30 days.
* If the user does not select "remember this computer for 30 days", the cookie will expire with the session. An encrypted token will be stored by the tool for 24 hours.
5) The user is redirected to the original application.
6) The iframe now shows the user as logged in.
7) The user performs an action on the original application.
8) The original application uses the token from the cookie and sends it to magog/identity/verify.php.
9) verify.php returns a response indicating the verified username.
10) The iframe will make use of window.postMessage, allowing the original application to verify the user's status in JavaScript before a backend submit.
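
A sketch of the receiving side of step 10, added here as an example and not taken from the application itself: the original application accepts the iframe's postMessage only after checking the sender's origin and window, and treats the result as a UI hint while verify.php remains the authority. The origin, message type and shape, iframe id and `data-requires-login` attribute are assumptions made for illustration.

```javascript
// Assumed values, not from the original page: the origin serving the iframe
// and the shape of the message it posts.
const IDENTITY_ORIGIN = "https://tools.example.org"; // placeholder origin
const MESSAGE_TYPE = "magog-identity-status";        // hypothetical type tag

// Returns { loggedIn, username } for a trustworthy message, otherwise null.
function parseIdentityMessage(event, iframeWindow) {
  // Only accept messages from the identity iframe's origin (exact match,
  // never a prefix or substring comparison).
  if (event.origin !== IDENTITY_ORIGIN) return null;
  // Only accept messages sent by that specific iframe window, not by
  // another frame or popup that happens to share the origin.
  if (event.source !== iframeWindow) return null;
  const data = event.data;
  if (data === null || typeof data !== "object") return null;
  if (data.type !== MESSAGE_TYPE) return null;
  if (typeof data.loggedIn !== "boolean") return null;
  if (!data.loggedIn) return { loggedIn: false, username: null };
  // The username is for display only; bound its type and length before use.
  if (typeof data.username !== "string" || data.username.length === 0 ||
      data.username.length > 255) return null;
  return { loggedIn: true, username: data.username };
}

// Browser wiring (skipped when the file is run outside a browser).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const frame = document.getElementById("identity-frame"); // hypothetical id
  window.addEventListener("message", (event) => {
    const status = frame && parseIdentityMessage(event, frame.contentWindow);
    if (!status) return; // ignore anything that fails the checks
    // Advisory only: enable or disable the form. The backend still sends
    // the cookie token to verify.php before acting on the submit.
    document.querySelectorAll("[data-requires-login]").forEach((el) => {
      el.disabled = !status.loggedIn;
    });
  });
}
```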