Single-User Password Token

The purpose of the single-use token system in nuBuilder is to enhance security, particularly in scenarios where you might need to perform automated logins or grant temporary access to the system without exposing permanent passwords. This article outlines the key purposes and use cases for this system.

Purpose of the Token System

Enhanced Security

• Temporary Access: Tokens provide a secure way to grant temporary access to users. Once used, the token is invalidated, minimising the risk of unauthorised access if the token is intercepted.
• No Password Exposure: By using tokens instead of passwords, you avoid exposing permanent credentials in URLs or other potentially insecure places.

Automated Processes

• Auto-Login: Useful for systems that need to automatically log users in, such as background processes or integration with other applications.
• Single Sign-On (SSO): Integrate nuBuilder with other authentication systems, allowing users to log in once and gain access to multiple systems.

User Experience

• Passwordless Login: Simplifies the login process for users by providing a secure link or token to log in without remembering their password.
• One-Time Actions: Facilitates one-time actions like password resets, email verifications, or accessing specific resources.

Use Cases

Automated Workflows

• Another system can generate a token, store it in the nuBuilder database, and provide a link for the user to access nuBuilder directly without additional authentication steps. This is useful for systems that need to transition users between platforms seamlessly.

Temporary Access Links

• Create temporary access links for users to perform specific tasks. For example, an admin can send a user a link to approve a document or complete a form, with the link expiring after one use.

Secure API Access

• Allow external systems to authenticate with nuBuilder using single-use tokens, providing a secure way to interact with the system programmatically without exposing long-term credentials.

Setting the Token

Token Generation on Another System

• Pseudo-code Example:

// On the external system
$token = generateSecureToken();
$user_id = '5f958ad8b8c613d';
$sus_json = json_encode(['LOGIN_TOKEN' => $token]);
db_update('zzzzsys_user', 'zzzzsys_user_id', $user_id, ['sus_json' => $sus_json]);

Providing Access via a Secure Link

Once a token has been generated and stored in the nuBuilder database, a secure link can be provided to the user. This link, when clicked, will redirect the user directly to nuBuilder, where the token is verified and user authentication is processed.

• Process:
  • A secure link is constructed with the user's ID and the generated token as parameters.
  • The user receives this link via email or another secure method.
  • Clicking the link automatically redirects the user to nuBuilder and initiates the login process.

• Example Link:

www.yoursite.com/index.php?u=5f958ad8b8c613d&p=gir356sdfw345

Where:

`u` represents the user ID.

`p` represents the previously generated token.

Conclusion

The single-use token system in nuBuilder is designed to improve security and flexibility in user authentication. By leveraging tokens, you can securely implement auto-login, temporary access, and integration with other systems without exposing passwords or permanent credentials.