You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: secure-identities/README.md
+15-2Lines changed: 15 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -53,12 +53,25 @@ A third package, [ws-identity-client](./ws-identity-client/README.md), is used t
53
53
54
54
The video from [2021-10-25 Peer Programming Call](https://wiki.hyperledger.org/display/CASIG/2021-10-25+Peer+Programming+Call) from 34:00 to 1:00:00 shows how to use the ws-wallet with Fabric. The ws-identity server is bundled within the REST API of the utility emissions channel. The process is:
55
55
56
-
- Use `ws-wallet new-key` to create a key for a user. It will store a private key and return the public key.
56
+
- Use `ws-wallet new-key` to create a key for a user. It will prompt you for a password, then store a private key encrypted with the password and return the public key.
57
57
- Request a session through the REST API ending in `/identity/webSocket/` using your public key and user name. The server will open up a session for your wallet to connect and return a sessionId and a connection URL.
58
58
- Now connect to the server using `ws-wallet connect <url> <sessionId>` If the public key of your user agrees with the public key used to open the connection, then the server will return a signature and session key. You can then use the signature and session key (webSocketKey) to perform additional operations on the REST API server, such as registering and enrolling users and operations on Fabric.
59
59
60
60
See [docs/ws-session.md](./docs/ws-session.md) for a detailed ECB diagram for setting up a web-socket identity session.
61
61
62
+
### Using the Web Socket from a Client App
63
+
64
+
Web socket comes with a REST endpoint to work with client applications such as mobile or web apps. The client app requests the signature and session key through the REST endpoint. The user will need to provide the password for the private key to authorize the access. The REST endpoint will then give the client app the signature and session key, which could then be used to authenticate it on Fabric.
65
+
66
+
To enable this, go to `secure-identities/ws-wallet` and
67
+
```
68
+
npm run start
69
+
```
70
+
71
+
From your client app, call the web-socket server's endpoint at ```http://localhost:9090/session/new``` or the host and port where your ws-wallet REST server is running and provide the name of the user's key and the URL where Fabric's ```/identity/webSocket``` is located so that the REST server could get you the session signature and ID.
72
+
73
+
Then use that session signature and ID with your requests to Fabric.
74
+
62
75
## Using the Vault Transit Server
63
76
64
77
The Vault Transit server is a centralized secure server to store secret keys for a number of users. The admin can set up different security profiles and then create users. All users can generate tokens and Transit public keys. Then the user can access Fabric by providing its token, and the Fabric application will check Vault's Transit key against the user's provided token to validate it.
@@ -76,4 +89,4 @@ For example, from 1:14:00 in the video from the [2021-10-25 Peer Programming Ses
76
89
- Now use the Vault new user's token to enroll that user, using the enrollment id and enrollment secret
77
90
- Once the user is enrolled, you can perform operations using that user's Vault token
78
91
79
-
See [Vault Identity README](vault-identity/README.md) for more details on how to use the Vault Transit engine with Fabric.
92
+
See [Vault Identity README](vault-identity/README.md) for more details on how to use the Vault Transit engine with Fabric.
0 commit comments