
Documentation: Custom identity walkthrough

Open peterbroadhurst opened this issue 2 years ago • 1 comments

Here's a shell starting point:

> go install github.com/hyperledger/firefly-cli/ff@latest
> # Build FireFly from main
> make docker
...

> # Start FireFly with manifest to use the local docker build, rather than latest release
> ff init -m manifest.json ids 2
initializing new FireFly stack...
Stack 'ids' created!
...

> # Start up the stack
> ff start ids
reading stack config... done
this will take a few seconds longer since this is the first time you're running this stack...
...

> # Create a signing key for new identity
> ACCOUNT=$( curl -sH 'Content-Type: application/json' -d '{"jsonrpc":"2.0","id":"1","method":"personal_newAccount","params":["myunlockpw"]}'  http://localhost:5100 | jq -r '.result' )
> echo $ACCOUNT
{"jsonrpc":"2.0","id":"1","result":"0x1a57a77bf68df300fc5e7bf4f5e851596a222f66"}

> # Unlock the new signing key on the node - must be repeated after every node restart
> curl -H 'Content-Type: application/json' -d '{"jsonrpc":"2.0","id":"1","method":"personal_unlockAccount","params":["'$ACCOUNT'","myunlockpw",0]}'  http://localhost:5100
{"jsonrpc":"2.0","id":"1","result":true}

> # Query our parent org
> # Note there's a TODO to allow you to specify the DID as an input here, rather than needing the UUID
> ORG_UUID=$( curl -s 'http://localhost:5000/api/v1/status' | jq -r '.org.id' )
> echo $ORG_UUID

> # Register with FireFly - using convenience of confirm=true as doing from the cmdline
> curl -H 'Content-Type: application/json' -d '{"name":"myid1","key":"'$ACCOUNT'","parent":"'$ORG_UUID'"}' 'http://localhost:5000/api/v1/namespaces/default/identities?confirm=true'

> # Query the new identity
> curl -s 'http://localhost:5000/api/v1/namespaces/default/identities' | jq

peterbroadhurst, Mar 22 '22 19:03
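Added example, not part of the original post or of FireFly's own tooling: the walkthrough splices `$ACCOUNT` and `$ORG_UUID` straight into JSON, so a value that is not a bare address (for instance the whole JSON-RPC envelope, as in the `echo` output shown) would produce a malformed or altered registration body. The functions below validate each field first; the function names, the name policy and the sample UUID are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the issue: validate each value before it is
# spliced into the identity registration body.

# 0x followed by exactly 40 hex digits (the .result of personal_newAccount).
is_eth_address() {
    case "$1" in 0x*) ;; *) return 1 ;; esac
    _hex=${1#0x}
    [ "${#_hex}" -eq 40 ] || return 1
    case "$_hex" in *[!0-9a-fA-F]*) return 1 ;; esac
}

# Canonical 8-4-4-4-12 hex UUID (the .org.id from /api/v1/status).
is_uuid() {
    case "$1" in *[!0-9a-fA-F-]*) return 1 ;; esac
    case "$1" in ????????-????-????-????-????????????) ;; *) return 1 ;; esac
    _digits=$(printf '%s' "$1" | tr -d '-')
    [ "${#_digits}" -eq 32 ]
}

# Assumption: a conservative name policy (1-64 chars of letters, digits, . _ -)
# chosen for this example; it is not FireFly's documented rule.
is_safe_name() {
    [ -n "$1" ] && [ "${#1}" -le 64 ] || return 1
    case "$1" in *[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Prints the JSON body, or fails with no body if any field is malformed.
build_identity_body() {
    is_safe_name "$1"   || { echo "rejected name" >&2; return 1; }
    is_eth_address "$2" || { echo "rejected key: not an address" >&2; return 1; }
    is_uuid "$3"        || { echo "rejected parent: not a UUID" >&2; return 1; }
    printf '{"name":"%s","key":"%s","parent":"%s"}\n' "$1" "$2" "$3"
}

# Demo: the address from the transcript and a constructed (sample) UUID.
build_identity_body myid1 0x1a57a77bf68df300fc5e7bf4f5e851596a222f66 \
    123e4567-e89b-12d3-a456-426614174000
```

The output of `build_identity_body myid1 "$ACCOUNT" "$ORG_UUID"` can be passed to `curl -d` in place of the hand-concatenated body.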

Came across this while looking for information on how to use the Identity and Auth / Permissions with FireFly (specifically the DID and key-exchange parts for parties). It seems all the APIs are open for anyone to call without identity or auth/permissions.

The documentation of FireFly does not seem to have much information on how to leverage the DIDs or the associated keys. Any info or example would be great on what the recommendations / best practices are for:

  • how a party (person or org) and their DID can be retrieved in the FireFly scenario, and
  • how two parties (whose DIDs are known to each other) can establish a secure communication with key-exchange and start talking to each other.

Or are the DIDs and the keys out of scope for FireFly? How to make FireFly work with, say, INDY?

KrishnaPG, Jul 23 '22 10:07