Deployment: OAuth2 Protocol
BlockApps STRATO integrates with enterprise user authorization framework, e.g., OAuth2, to allow user access and achieve single sign-on for blockchain applications. In order to enable OAuth on a Node, additional configuration options must be passed to the node when STRATO is setup. This section provides the overview on how to enable the OAuth solution on the node during STRATO setup. For more information on why OAuth2 is needed and how OAuth works, you can see the [OAuth] topic under the [Quickstart] section of this documentation.
For STRATO versions 4.4 and forward, the following variables will need to be either added to the script you use to start up and run STRATO or they will need to be passed as command line arguments before
The arguments are as follows:
HTTP_PORT=8080 NODE_HOST=<you_ip_address_or_localhost>:8080 OAUTH_ENABLED=true OAUTH_DISCOVERY_URL=<your keycloak or other credential provider link>
NODE_HOSTvariable. In addition,
OAUTH_ENABLED=trueenables the token validation.
When running an application with OAuth enabled, you will also need to have authorization tokens saved an in enviroment file or read into a script and passed to your application. More detail about that can be found in the QuickStart - Oauth section.
For STRATO version 4.5 and further, a private key encryption variable is needed.
If you are manually starting or restarting a STRATO node with OAuth, you will need to provide a key encryption password. This password is used to encrypt STRATO users' private keys.
If you need to start a new STRATO node programmatically, calling strato-getting-started from a script, you pass the environment variable
PASSWORDinto the strato-getting-started script. If starting STRATO without using strato-getting-started, the following command must be executed before the node will allow transactions to be signed by OAuth accounts:
docker exec -it strato_bloc_1 curl -X POST http://vault-wrapper:8000/strato/v2.3/password -H "Content-Type: application/json" -d '"<your_chosen_password>"'