User Authorization

BlockApps STRATO integrates with enterprise user authorization frameworks such as OAuth2 to control user access and provide single sign-on for blockchain applications.

Example Use Case with OAuth2 Server

We will illustrate how a web application built on BlockApps STRATO can be integrated with an existing enterprise OAuth2 server, one of the most widely used authorization frameworks.

When a request to sign transactions is submitted to BlockApps STRATO, STRATO uses the access token in the request to obtain the user's metadata from the OAuth2 server. If the user is not yet registered, STRATO generates a key pair for the new user. If the user is already registered, STRATO signs the transactions with the user's existing key through the BlockApps STRATO key management interface.

Out-of-Band Server Registration

The enterprise IT administrator registers the BlockApps STRATO node with the OAuth2 server and grants it a client ID, e.g., afsd987248_afk, and a client secret, e.g., ki79_asfd89fadsjfa. The administrator can choose among several grant types; one of the recommended grant types for API access is CLIENT_CREDENTIALS. The scope can be set to specific user metadata, e.g., the user ID, with read or write access.

Deploy BlockApps STRATO

The enterprise IT administrator can use the deployment script to start a BlockApps STRATO node, passing the OAuth settings as environment variables:

authBasic=false OAUTH_ENABLED=true OAUTH_OPENID_DISCOVERY_URL=<your enterprise oauth server, e.g., https://accounts.google.com/.well-known/openid-configuration> OAUTH_CLIENT_ID=<registered client ID in OAuth, e.g., afsd987248_afk> OAUTH_CLIENT_SECRET=<registered client secret, e.g., ki79_asfd89fadsjfa> ./strato.sh --single

Sign Transactions with Access Token

The transaction endpoint accepts the following parameters:

  • chainid, optional, string, 32 bytes, query parameter
  • resolve, optional, boolean, query parameter. If the resolve flag is false, the status in txResult may be pending
  • X-USER-UNIQUE-NAME and X-USER-ID, required, string, header. Obtained from the enterprise OAuth server using the access token, per the OAuth protocol
  • address, required, string. The from address of the transactions
  • type, FUNCTION, CONTRACT, or TRANSFER, required, string. Specifies the type of transaction
  • payload, required. The format depends on the specified type, as follows:

    FUNCTION, value and args are optional

    {
      "contractName": "SimpleStorage",
      "contractAddress": "00000000000000000000000000000000deadbeef",
      "value": "10",
      "method": "get",
      "args": {}
    }


    CONTRACT, value and args are optional

    {
      "contract": "SimpleStorage", 
      "src": "contract SimpleStorage { uint storedData; function set(uint x) { storedData = x; } function get() returns (uint retVal) { return storedData; } }",
      "args": {},
      "value": "10000" 
    }
    

    TRANSFER

    {
      "toAddress": "00000000000000000000000000000000deadbeef",
      "value": "100000000"
    }
    

  • txParams, optional.

    nonce: integer, maximum 18446744073709552000, minimum 0

    gasLimit: integer, maximum 18446744073709552000, minimum 0

    gasPrice: integer, maximum 18446744073709552000, minimum 0

curl -X POST "http://localhost/strato/transaction?chainid=ec41a0a4da1f33ee9a757f4fd27c2a1a57313353375860388c66edc562ddc781&resolve=true" \
     -H "accept: application/json;charset=utf-8" \
     -H "Content-Type: application/json" \
     -H "X-USER-UNIQUE-NAME: uniqueUser" -H "X-USER-ID: 98765" \
     -d '{
          "address": "00000000000000000000000000000000deadbeef",
          "txs": [
           {
            "type": "FUNCTION",
            "payload": {
              "args": {"hello": "world"},
              "value": "10",
              "method": "aloha"
             }
           }
          ],
          "txParams": {
            "nonce": 5,
            "gasLimit": 100000,
            "gasPrice": 1000000
          }
         }'

Expected response

[
  {
    "status": "success",
    "txHash": "41b1a0649752af1b28b3dc29a1556eee781e4a4c3a1f7f53f90",
    "txResult": null,
    "data": null
  }
]
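As an added example (not part of the STRATO documentation or code base), the following Python client-side helpers build the URL, headers and body for the transaction request described above and enforce the documented constraints before anything is sent: a 32-byte hex chainid, a 20-byte hex address, the required payload fields per transaction type, and the 0 to 18446744073709552000 bounds on txParams. The userinfo claim names `preferred_username` and `sub`, and the `txs` key wrapping the list of transactions, are assumptions to confirm against your OAuth server and STRATO version.

```python
import json
import re

# Required payload fields per transaction type, taken from the payload formats above
# ("value" and "args" are optional for FUNCTION and CONTRACT).
REQUIRED_PAYLOAD_FIELDS = {
    "FUNCTION": {"contractName", "contractAddress", "method"},
    "CONTRACT": {"contract", "src"},
    "TRANSFER": {"toAddress", "value"},
}
TXPARAM_KEYS, TXPARAM_MAX = ("nonce", "gasLimit", "gasPrice"), 18446744073709552000
HEX_ADDRESS = re.compile(r"^[0-9a-fA-F]{40}$")   # 20-byte address
HEX_CHAIN_ID = re.compile(r"^[0-9a-fA-F]{64}$")  # 32-byte chain id

def transaction_url(base_url, chainid=None, resolve=True):
    """Build the /strato/transaction URL, rejecting a malformed chainid."""
    if chainid is not None and not HEX_CHAIN_ID.match(chainid):
        raise ValueError("chainid must be a 32-byte hex string")
    query = [f"resolve={'true' if resolve else 'false'}"]
    if chainid is not None:
        query.insert(0, f"chainid={chainid}")
    return f"{base_url}/strato/transaction?{'&'.join(query)}"

def user_headers(userinfo):
    """Map userinfo claims (assumed names 'preferred_username', 'sub') to STRATO headers;
    take them from the token-backed userinfo response, never from client-supplied input."""
    return {
        "accept": "application/json;charset=utf-8",
        "X-USER-UNIQUE-NAME": userinfo["preferred_username"],
        "X-USER-ID": str(userinfo["sub"]),
    }

def transaction_body(address, txs, tx_params=None):
    """Validate and serialise the request body (the 'txs' wrapper key is an assumption)."""
    if not HEX_ADDRESS.match(address):
        raise ValueError("address must be a 20-byte hex string")
    for tx in txs:
        required = REQUIRED_PAYLOAD_FIELDS.get(tx.get("type"))
        if required is None:
            raise ValueError(f"unknown transaction type {tx.get('type')!r}")
        missing = required - set(tx.get("payload", {}))
        if missing:
            raise ValueError(f"{tx['type']} payload is missing {sorted(missing)}")
    for name, val in (tx_params or {}).items():
        if name not in TXPARAM_KEYS or not isinstance(val, int) or not 0 <= val <= TXPARAM_MAX:
            raise ValueError(f"txParams.{name} unknown or out of range")
    body = {"address": address, "txs": txs}
    if tx_params:
        body["txParams"] = tx_params
    return json.dumps(body)
```

The user headers are the identity STRATO signs under, so the application must populate them only from the userinfo it obtained with the validated access token; accepting them from the browser would let any caller sign as any registered user.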