Device Identity Service - ONES Now Documentation

This guide provides detailed instructions how-to setup and use the Device Identity Service to support the Authentication Flow for secure user authentication.

Table of content

This device identity service is a pre-requirement for some other services:

ONES KYC and VHH Workstation
Javascript library with deviceIdentitySigningFunction
NestJS module

This service is not required for the WordPress SSO plugin, or Rust-based libraries.

1.0 Installation

To use the python package, you need to register your device with IDP first.

To register a new server, you need to have px-device-identity. To install it:

make sure you have at least Python 3.10
are logged in as root

pip3 install https://source.pantherx.org/px-device-identity_latest.tgz

# on some systems, you need to add a flag --break-system-packages, or install in a venv
# pip3 install https://source.pantherx.org/px-device-identity_latest.tgz --break-system-packages

After everything is installed, register the server.

Adjust “ServerName” easy to recognize
Adjust “Bangkok” to the server location; for ex. City

px-device-identity -o INIT -a https://idp-server.ones-now.com -dn onesid1.com -t "ServerName" -l "Bangkok" -r SERVER

Someone from the OnesID team will need to approve this request this request within 300s.

Schedule a time

Then install the package:

pip3 install https://source.pantherx.org/px-device-identity-service_latest.tgz

2.0 Usage as service

Command line arguments:

-p, --port: Port to run the service on
-ho, --host: Host to run the service on
-kd, --key-dir: Directory to store keys
-cd, --config-dir: Directory to store config
-d, --debug: Run in debug mode

2.1 Configure Systemd

Create a service file:

sudo nano /lib/systemd/system/px-device-identity.service

With the following content:

[Unit]
Description=Device Identity Service
After=multi-user.target

[Service]
Type=idle
ExecStart=px-device-identity-service
WorkingDirectory=/root
User=root

[Install]
WantedBy=multi-user.target

Enable and start the service:

sudo systemctl daemon-reload
sudo systemctl enable px-device-identity.service
sudo systemctl start px-device-identity.service

Status:

sudo systemctl status px-device-identity.service

3.0 Update

To update the package, simply

pip3 install https://source.pantherx.org/px-device-identity-service_latest.tgz

4.0 Troubleshooting

4.1 Systemd

4.1.1 Get the logs

If you are running the service as a systemd service, you can get the logs with:

journalctl -u px-device-identity-service

4.2 Resolve Address already in use

Find out which process is using the port:

sudo lsof -i :8000 -S
COMMAND     PID USER FD   TYPE   DEVICE SIZE/OFF NODE NAME
.px-devic 20821 root 10u  IPv4 96317154      0t0  TCP localhost:8000 (LISTEN)

Kill the process:

kill -9 20821