How to enable user authentication with the composer-rest-server - Printable Version

+- ChaincodeDevs (
+-- Forum: Hyperledger Fabric (
+--- Forum: Composer (
+--- Thread: How to enable user authentication with the composer-rest-server (/showthread.php?tid=132)

How to enable user authentication with the composer-rest-server - admin - 07-28-2018

This tutorial is assuming you have gone through the steps of installing the BNA and starting the network. If you haven't, go here for instructions on that.

Note: Make sure you are logged in (in SSH/Putty) to the same user you used for the installation.

Why user auth?
If you are running the composer-rest-server on a server with a public IP address, it is strongly recommended that it is not open for anyone on the internet to perform actions on it, as it will be a security risk.

Step 1: Install PM2
First things first, every time we close our SSH session, we don't want our composer-rest-server to quit running. We will use PM2 to keep this process running in the background. Run:
npm install -g pm2
[Image: attachment.php?aid=78]

Step 2: Install passport-github
To install our authentication strategy, run:
npm install -g passport-github

Step 3: Get Auth Secret
Now go to GitHub and go to your user settings.
[Image: attachment.php?aid=79]

Then the "Developer Settings".
[Image: attachment.php?aid=80]

Now press the "New OAuth App" button.
[Image: attachment.php?aid=81]

Fill out the form like this. Replacing my server's IP address with your servers. If you are running this locally, use localhost:3000.
[Image: attachment.php?aid=83]

You will now see a Client ID and Client Secret. Make sure to save these for the next few steps.

Step 4: Create a Script File
Make sure you are in your "fabric-tools" directory that was created in the installation process.

Now, in your terminal run:

Now copy this into your newly created script file:
  "github": {
    "provider": "github",
    "module": "passport-github",
    "clientSecret": "THE CLIENT SECRET FROM GITHUB",
    "authPath": "/auth/github",
    "callbackURL": "/auth/github/callback",
    "successRedirect": "/",
    "failureRedirect": "/"
composer-rest-server -c admin@car-sales -a true -p 3000

Make sure to replace the clientID and clientSecret with the keys created with GitHub in Step 3.

Step 5: Dry Run
Now let's try to execute our script file. Run:

If your screen looks like this, all is well:
[Image: attachment.php?aid=84]

If you are getting permission errors, run:
chmod u+x

Step 6: Permanently run the REST server
Now that our dry run went will with no errors, press CTRL + C and exit the current script execution. Now run:
pm2 start

Now navigate to your servers IP address, ex: http://294.292.282:3000 or (if localhost) http://localhost:3000.

Try to perform a request (ex: GET request). You will notice you get an authorization error, like this:
[Image: attachment.php?aid=85]
Awesome, this means our authentication is working!

Step 7: Authenticate yourself
Now navigate to your auth route. ex: http://294.292.282:3000/auth/github or (if localhost) http://localhost:3000/auth/github

After authenticating yourself you will be able to perform requests.