node.js - 401 Authorization Required integrating Hyperledger Composer REST API from Webapp -


introduction

i have hyperledger env running in secure mode following link https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html

and works fine if authenticate specified in document (hitting http://mydomain:3000/auth/github directly browser) , access rest api http://mydomain:3000/explorer , authorize various participants (i.e, issuing identity , adding them wallet , setting 1 default @ time) , see assets per .acl file.

issue

but started facing problems when started integrating rest api's from web application rather directly browser. first step from web app, called http://mydomain:3000/auth/github authenticate , started calling other apis (transaction/list, etc.) error 401: 'authorization required'

what have tried

gave web application url 'redirect url' in env variable hyperledger. , upon successful authentication (calling http://mydomain:3000/auth/github) redirected webapp home page afterwards accessing rest api's (from web app) again throws 'authorization required' error.

environment variaable below:

export composer_providers='{  "github": {   "provider": "github",   "module": "passport-github",   "clientid": "client_id",   "clientsecret": "client_secret",   "authpath": "/auth/github",   "callbackurl": "/auth/github/callback",   "successredirect": "http://localhost:8080/home.html",   "failureredirect": "/"  } }'

incorporated passport-github2 mechanism in web application (i.e, registered app oauth of github) , upon successful login web application; called http://mydomain:3000/auth/github authenticate blockchain , did not work out well.

i have few questions:

  1. is feasible call secured hyperledger rest api's web application?
  2. if yes, how it? don't find information in hyperledger composer documentation.

have been trying week , have no answers. appreciated. please let me know if unclear. thanks.

i commented problem on 1 of existing hyperledger github issues(below link) & want share solution solved problem me. https://github.com/hyperledger/composer/issues/142

solution: mentioned user sstone1

since rest server on different port number web application, need specify additional option http client pass cookies rest server. using angular http client, add withcredentials flag, example:

via angular:

this.http.get('http://mydomain:3000/api/myasset', { withcredentials: true })

via jquery ajax:

  $.ajax({     url: 'http://mydomain:3000/api/myasset',     xhrfields: {       withcredentials: true     },     headers: {       ...     }   })

Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

performance - Why is XCHG reg, reg a 3 micro-op instruction on modern Intel architectures? -

i'm doing micro-optimization on performance critical part of code , came across sequence of instructions (in at&t syntax): add %rax, %rbx mov %rdx, %rax mov %rbx, %rdx i thought had use case xchg allow me shave instruction , write: add %rbx, %rax xchg %rax, %rdx however, dimay found agner fog's instruction tables , xchg 3 micro-op instruction 2 cycle latency on sandy bridge, ivy bridge, broadwell, haswell , skylake. 3 whole micro-ops , 2 cycles of latency! 3 micro-ops throws off 4-1-1-1 cadence , 2 cycle latency makes worse original in best case since last 2 instructions in original might execute in parallel. now... cpu might breaking instruction micro-ops equivalent to: mov %rax, %tmp mov %rdx, %rax mov %tmp, %rdx where tmp anonymous internal register , suppose last 2 micro-ops run in parallel latency 2 cycles. given register renaming occurs on these micro-architectures, though, doesn't make sense me done way. why wouldn't register renamer ...
Read more

c# - Asp.net web api : redirect unauthorized requst to forbidden page -

im trying redirect unauthorized request forbidden page instead i'm getting forbidden page in response body , how can fix ? here's startup class : app.createperowincontext(storecontext.create); app.createperowincontext<applicationusermanager>(applicationusermanager.create); app.createperowincontext<applicationsigninmanager>(applicationsigninmanager.create); app.usecookieauthentication(new cookieauthenticationoptions { authenticationtype = defaultauthenticationtypes.applicationcookie, expiretimespan = timespan.fromdays(30), }); app.useexternalsignincookie(defaultauthenticationtypes.externalcookie); app.usetwofactorsignincookie(defaultauthenticationtypes.twofactorcookie, timespan.fromminutes(5)); app.usetwofactorrememberbrowsercookie(defaultauthenticationtypes.twofactorrememberbrowsercookie); the method im trying reach : [httpget] [authorize(roles = "admin")] public string getcurrentusername() { return userman...
Read more