
Setting Up OAuth on STRATO Node

BlockApps STRATO integrates with enterprise user authorization frameworks such as OAuth2 to allow user access and achieve single sign-on for blockchain applications. To enable OAuth on a node, additional configuration options must be passed to the node when STRATO is set up. This section gives an overview of how to enable OAuth on the node during STRATO setup. For more information on why OAuth2 is needed and how OAuth works, see the [OAuth] topic under the [Quickstart] section of this documentation.

Parameters

For STRATO versions 4.4 and forward, the following variables must either be added to the script you use to start up and run STRATO or be passed as command line arguments before ./strato.sh.

The arguments are as follows:

HTTP_PORT=8080
You will need to add a port number for the OAuth integration. For OAuth, we currently recommend the use of port 8080.

NODE_HOST=<your_ip_address_or_localhost>:8080
Because a port is now set, the same port number must be added at the end of the node host variable.

OAUTH_JWT_VALIDATION_ENABLED=true
This enables the token validation.

OAUTH_JWT_VALIDATION_DISCOVERY_URL=<your keycloak or other credential provider link>

When running an application with OAuth enabled, you will also need to have authorization tokens saved in an environment file or read into a script and passed to your application. More detail about that can be found in the QuickStart - OAuth section.

For STRATO versions 4.5 and later, a private key encryption variable is needed.

If you are manually starting a STRATO node with OAuth, you will be prompted for a key encryption password. This password is used to encrypt STRATO users' private keys.

If you need to start a new STRATO node programmatically by calling strato-getting-started from a script, pass the environment variable PASSWORD into the strato-getting-started script. If starting STRATO without using strato-getting-started, the following command must be executed before the node will allow transactions to be signed by OAuth accounts:

docker exec -it strato_bloc_1 curl -X POST http://vault-wrapper:8000/strato/v2.3/password -H "Content-Type: application/json" -d '"<your_chosen_password>"'
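
The variables under Parameters have to agree with each other before the node starts: NODE_HOST must carry the HTTP_PORT value, validation must be switched on, and a discovery URL must be present. The following preflight script is an added example, not part of the BlockApps documentation or tooling; the function names check_oauth_env and launch_strato, the https-only rule for the discovery URL, and the location of ./strato.sh are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for the OAuth variables described above.

# Returns 0 if the settings are consistent, otherwise a distinct non-zero code.
check_oauth_env() {
    # HTTP_PORT must be a non-empty decimal number.
    case "${HTTP_PORT:-}" in
        ''|*[!0-9]*) echo "HTTP_PORT must be numeric" >&2; return 1 ;;
    esac
    # NODE_HOST must carry the same port as HTTP_PORT (host:port).
    case "${NODE_HOST:-}" in
        ?*:"$HTTP_PORT") ;;
        *) echo "NODE_HOST must end with :$HTTP_PORT" >&2; return 2 ;;
    esac
    # Token validation must be switched on explicitly.
    if [ "${OAUTH_JWT_VALIDATION_ENABLED:-}" != "true" ]; then
        echo "OAUTH_JWT_VALIDATION_ENABLED is not 'true'" >&2; return 3
    fi
    # Assumption of this example: only accept an https discovery URL, so the
    # provider metadata used for token validation is fetched over TLS.
    case "${OAUTH_JWT_VALIDATION_DISCOVERY_URL:-}" in
        https://?*) ;;
        *) echo "OAUTH_JWT_VALIDATION_DISCOVERY_URL must be an https URL" >&2
           return 4 ;;
    esac
    return 0
}

# Hypothetical wrapper: validate, prompt for the key encryption password
# without echo (keeps it out of shell history), then start the node.
# Assumes ./strato.sh from strato-getting-started is in the current directory.
launch_strato() {
    check_oauth_env || return $?
    printf 'Key encryption password: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r PASSWORD
    stty echo 2>/dev/null
    printf '\n' >&2
    export HTTP_PORT NODE_HOST OAUTH_JWT_VALIDATION_ENABLED \
           OAUTH_JWT_VALIDATION_DISCOVERY_URL PASSWORD
    ./strato.sh
}
```

Set the four variables, source the file, and call launch_strato from the strato-getting-started directory; a non-zero return code identifies which setting failed the check.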