Hyperledger Composer Web application user authentication

by

see https://github.com/hyperledger/composer-sample-networks/blob/v0.16.x/packages/trade-network/test/trading.js#L21 but use FileSystemCardStore instead of MemoryCardStore – we have an issue on documentation for this right now – https://github.com/hyperledger/composer/issues/3088 the general flow is :

Issue identity,
businessNetworkConnection.issueIdentity(NS + ‘#’ + userData.id,
userData.user); …. var userCard = new IdCard({…});
userCard.setCredentials(credentials); …

Import Card:
adminConnection.importCard(userCardName, userCard); …. .then(() => { //

Connect to the business network: (using the blockchain identity … 

businessNetworkConnection = new BusinessNetworkConnection({ cardStore: cardStore }); 
businessNetworkConnection.connect(userCardName); } ...

For all subsequent connects from that user (eg. from the web application he/she is logged into) :

bizNetworkConnection.connect(`${cardName})

ON user registration bit, once you received the registration payload, you can use Composer to create a participant and composer (blockchain) identity for that user – then create the card as above, connect to it (to get the certificate downloaded) then export that card, to be shared with the user that just registered. Using REST you can import the card (that has a connection profile that knows how to connect to the Composer runtime) then they can interact with the business network.

Do user registration / authentication, don’t have samples (others may answer in time)..

where cardname is for example the user id or email address, and execute whatever data changes or transactions you want.

So for example for POST /items when using JWT:

  • check if it has a valid token with request
  • create new BusinessNetworkConnection (above) or obtain from a pool
  • connect to this BusinessNetworkConnection by passing in the userId/cardname which you get from the token – which will retrieve the card from the cardstore
  • once connected, the user can interact with the business network

On authentication, obviously REST Server endpoints can be secured (with connect gateways secured for outward consumption). Have you considered using JWT as a strategy and/or considered Node-Red for registration/auth flow ?

Anyway these resources may help give you some insights:

https://medium.freecodecamp.org/securing-node-js-restful-apis-with-json-web-tokens-9f811a92bb52

https://www.compose.com/articles/authenticating-node-red-with-jsonwebtoken/

hope this helps.

More Related Contents:

  1. Performing a Stress Test on Web Application?
  2. What ways are out there to display a desktop notification from a web app?
  3. .dll already loaded in another classloader?
  4. What’s the difference between a web site and a web application? [closed]
  5. How can I handle time zones in my webapp?
  6. What is web.xml file and what are all things can I do with it?
  7. My Application Could not open ServletContext resource
  8. Solving the Double Submission Issue
  9. Error in starting hyperledger fabric network with hyperledger composer
  10. Wysiwyg with image copy/paste [closed]
  11. How can a web page read from the user’s serial port?
  12. How can I check if an app is installed from a web-page on an iPhone
  13. jQuery CSS plugin that returns computed style of element to pseudo clone that element?
  14. iPad Web App: Detect Virtual Keyboard Using JavaScript in Safari?
  15. Where is my iframe in the published web application/sidebar?
  16. What is the main-stream Java alternative to ASP.NET / PHP
  17. What is Rack middleware?
  18. Spring – No EntityManager with actual transaction available for current thread – cannot reliably process ‘persist’ call
  19. Cross Domain Resource Sharing GET: ‘refused to get unsafe header “etag”‘ from Response
  20. Initializing Log4J with Spring?
  21. Can I incorporate both SignalR and a RESTful API?
  22. Opening Native App. from Safari
  23. How do I get a list of all HttpSession objects in a web application?
  24. iPhone Web App – Stop body scrolling
  25. PathLocationStrategy vs HashLocationStrategy in web apps
  26. Deploying Springboot to Azure App Service
  27. Role/Purpose of ContextLoaderListener in Spring?
  28. “function not found” error when making both GET and POST requests to a Web App
  29. Access files from network share in c# web app
  30. ExceptionHandler doesn’t work with Throwable

Leave a Comment