TInyAuth is an application providing a secure means for public-facing services for the TI-84+ CE to authorize users without requiring that users authenticate repeatedly or input credentials. Users authorize their calculators to access their TInyAuth account by downloading a keyfile from their Dashboard which contains a signed access token for their account and sending it to their device. The rest is managed via a secure API that the end user doesn't need to worry about.

Secure Keyfiles

Keyfiles are digitally signed by TInyAuth to prevent forgery. The Service's signing key renews on the 1st of every year, expiring any keys issued the previous year. Users may issue multiple keys against their account if they desire and may optionally supply an encryption passphrase for additional security.

OAuth2 Backend

Why reinvent the wheel, right? When complete, TInyAuth will use the OAuth2 framework to manage authorization requests from third parties.

The server was audited against the CIS (Center for Internet Security) Server Level 2 benchmark via OpenSCAP. In addition a penetration test was launched against the server as well as this resource. The full audit report is available by request.

Last Audit: Friday, Sept 1, 2023
Compliance Score: 90%
Audit Frequency: monthly

In addition the backend code powering the key generation and authentication has been seperately audited using Snyk and shows no code vulnerabilities.