
add oauth 2.0 security to rest api

Open sichen1234 opened this issue 4 years ago • 10 comments

Add oauth 2.0 security to the rest api in https://github.com/hyperledger-labs/blockchain-carbon-accounting/tree/main/utility-emissions-channel/typescript_app for accessing the chain code.

Please use a popular oauth 2.0 library such as simple-oauth2 or client-oauth2

sichen1234 avatar Mar 15 '21 23:03 sichen1234

oauth 2.0 may be unnecessary if we get #11 working, but we should still have some way to secure the API endpoint against DDoS and other bot attacks.

sichen1234 avatar Mar 29 '21 16:03 sichen1234

We may also be storing metadata about customers' data in the network, which should be secured, even if the transactions are signed by private keys offline.

sichen1234 avatar Mar 29 '21 16:03 sichen1234

Hi @sichen1234, I'm a newbie to this project and want to contribute here. Are there any guidelines for getting involved? Please help me with where I should make changes. Thanks.

afzal442 avatar Apr 12 '21 07:04 afzal442

I would like to work on it

afzal442 avatar Apr 12 '21 08:04 afzal442

Great. Please let us know if you have any questions.

Si Chen Open Source Strategies, Inc.

Video: Fighting Climate Change with Blockchain and Open Source https://youtu.be/NgxNWXa_IjE

On Mon, Apr 12, 2021 at 1:01 AM Afzal Ansari @.***> wrote:

I would like to work on it


sichen1234 avatar Apr 12 '21 14:04 sichen1234

Please let us know if you have any questions.

Integrating oauth 2.0 security is a kind of backend work, I think.

afzal442 avatar Apr 14 '21 17:04 afzal442

@sichen1234 @afzal442 Not sure where the work on this task is currently, but to be sure I figured I'll put this info down here as well: We've recently added** the same thing to Cactus, so that if you expose your contracts as REST API endpoints or you just have some business logic in there, then the Cactus API server can be configured to require and validate JSON Web Tokens (JWTs) for the requests coming in. Then on top of that we also built in the possibility to have different REST API endpoints require certain OAuth2 scopes present in the JWT for fine-grained, role-based access control, so that scenarios can be modeled like: the administrator can call endpoints A, B and C while regular users can only call C and D, things like that.

** pending approval on the PR https://github.com/hyperledger/cactus/pull/793

petermetz avatar Apr 16 '21 17:04 petermetz
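The JWT-plus-scopes scheme described in the comment above, as an added example that is not code from blockchain-carbon-accounting or Cactus: the API server validates an HS256-signed token (shared secret, Node's `crypto` module only) and then checks that the token's `scope` claim satisfies the per-endpoint scope table. The secret, endpoint paths and scope names are constructed for illustration.

```typescript
// Added example (not from blockchain-carbon-accounting or Cactus): validate an
// HS256 JWT with Node's crypto module, then enforce per-endpoint OAuth2 scopes.
// The secret, endpoint paths and scope names are constructed for illustration.
import { createHmac, timingSafeEqual } from "crypto";
const b64url = (b: Buffer): string => b.toString("base64url");

// Which scopes may call each endpoint: admins reach A, B, C; plain users C, D.
const ENDPOINT_SCOPES: Record<string, string[]> = {
  "/api/A": ["carbon:admin"],
  "/api/B": ["carbon:admin"],
  "/api/C": ["carbon:admin", "carbon:read"],
  "/api/D": ["carbon:read"],
};

// Mints a demo token; in production tokens come from the OAuth2 authorization server.
function signHs256(claims: object, secret: string): string {
  const header = b64url(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const body = b64url(Buffer.from(JSON.stringify(claims)));
  const sig = b64url(createHmac("sha256", secret).update(`${header}.${body}`).digest());
  return `${header}.${body}.${sig}`;
}

// Returns the claims when algorithm, signature and expiry all check out, else null.
function verifyHs256(token: string, secret: string, now = Date.now() / 1000): Record<string, unknown> | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  let hdr: { alg?: string } | null, claims: Record<string, unknown> | null;
  try {
    hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch { return null; }                                  // malformed segments
  if (!hdr || hdr.alg !== "HS256") return null;             // refuse "none" and alg swaps
  const expected = createHmac("sha256", secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const exp = claims?.exp;
  if (!claims || typeof exp !== "number" || exp <= now) return null;   // missing or past expiry
  return claims;
}

// One access decision: valid token AND a scope in its space-separated "scope" claim
// that the requested endpoint accepts. Unknown endpoints are denied by default.
function canCall(token: string, secret: string, endpoint: string): boolean {
  const claims = verifyHs256(token, secret);
  const allowed = ENDPOINT_SCOPES[endpoint];
  if (!claims || !allowed) return false;
  const granted = String(claims.scope ?? "").split(" ");
  return granted.some((s) => allowed.includes(s));
}
```

In a real deployment the signature check would use the authorization server's public key (RS256/ES256) rather than a shared secret, and the endpoint table would live in the API server's configuration.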

Thanks @petermetz. Nice job. Well, I'm not sure but you can feel free to draft a PR for this too if you want. @sichen1234 will review that once you are done.

afzal442 avatar Apr 17 '21 00:04 afzal442

Hi, getting started as a new developer for this project. Is this task being worked on?

ayush110 avatar Nov 15 '22 22:11 ayush110

This part of the project is not too active right now. Would you like to work on some of the projects we've discussed recently in our Oct 24 and November 7 peer programming calls?

You're welcome to join the next one as well on November 21.

sichen1234 avatar Nov 16 '22 16:11 sichen1234