
401 Authorization Required integrating Hyperledger Composer REST API from Webapp


Introduction

I have a hyperledger env running in secure mode by following this link https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html

and it works fine if I authenticate as specified in the document (hitting http://mydomain:3000/auth/github directly from the browser) and then access the REST API from the http://mydomain:3000/explorer and could authorize as various participants (i.e., issuing identity and adding them to the wallet and setting one as default at a time) and could see the assets as per the .acl file.

Issue

But I started facing problems when I started integrating the REST APIs from my web application rather than directly from the browser. As a first step from my web app, I called the http://mydomain:3000/auth/github to authenticate and then started calling the other APIs (transaction/list, etc.) but I do always get Error 401: 'Authorization Required'

What I have tried

Gave my web application URL as the 'Redirect URL' in the env variable for the hyperledger. And upon successful authentication (calling http://mydomain:3000/auth/github) it successfully redirected to my webapp home page but afterwards accessing the REST APIs (from web app) again throws 'Authorization Required' error.

Environment variable as below:

export COMPOSER_PROVIDERS='{
 "github": {
  "provider": "github",
  "module": "passport-github",
  "clientID": "CLIENT_ID",
  "clientSecret": "CLIENT_SECRET",
  "authPath": "/auth/github",
  "callbackURL": "/auth/github/callback",
  "successRedirect": "http://localhost:8080/home.html",
  "failureRedirect": "/"
 }
}'

Incorporated passport-github2 mechanism in my web application (i.e., registered my app with the OAuth of GitHub) and upon successful login to my web application, called the http://mydomain:3000/auth/github to authenticate to the blockchain, and it did not work out as well.

I have a few questions:

  1. Is it feasible to call the secured hyperledger REST APIs from another web application?
  2. If yes, how to do it? I don't find that information in the hyperledger composer documentation.

Have been trying this for a week now and have no answers. Any help would be greatly appreciated. Please let me know if anything is unclear. Thanks.


Solution

  • I commented about this problem on one of the existing hyperledger GitHub issues (link below) and I want to share the solution that solved this problem for me. https://github.com/hyperledger/composer/issues/142

    Solution: as mentioned by user sstone1

    Since the REST server is on a different port number to your web application, you need to specify an additional option to your HTTP client to pass the cookies to the REST server. Using the Angular HTTP client, you add the withCredentials flag, for example:

    via Angular:

    this.http.get('http://mydomain:3000/api/MyAsset', { withCredentials: true })
    

    via JQuery AJAX:

      $.ajax({
        url: 'http://mydomain:3000/api/MyAsset',
        xhrFields: {
          withCredentials: true
        },
        headers: {
          ...
        }
      })
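
The cross-origin cookie behaviour described in the answer above, as an added example that is not part of the original post or of Composer's code: a simplified model of the browser rules that decide whether the session cookie is attached and whether the page may read the reply. The function names and the sample header objects are constructed for illustration; the header names are the standard CORS response headers.

```javascript
// Added example: simplified model of the browser's cross-origin cookie rules.
// It ignores the cookie's SameSite attribute and third-party cookie blocking.
const PAGE = 'http://localhost:8080/home.html';   // web app, from successRedirect
const API = 'http://mydomain:3000/api/MyAsset';   // REST server, as in the answer

// Two URLs share an origin only if scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Is the REST server's session cookie attached to an XHR/fetch request?
// Cross-origin requests omit cookies unless withCredentials is set.
function cookieAttached(pageUrl, apiUrl, withCredentials) {
  return sameOrigin(pageUrl, apiUrl) || withCredentials === true;
}

// Will the browser hand the response to the page's script?
// For a credentialed cross-origin request the server must echo the exact
// page origin (a "*" wildcard is rejected) and allow credentials explicitly.
function responseReadable(pageUrl, apiUrl, withCredentials, headers) {
  if (sameOrigin(pageUrl, apiUrl)) return true;
  const pageOrigin = new URL(pageUrl).origin;
  const allowOrigin = headers['access-control-allow-origin'];
  if (!withCredentials) {
    return allowOrigin === '*' || allowOrigin === pageOrigin;
  }
  return allowOrigin === pageOrigin &&
    headers['access-control-allow-credentials'] === 'true';
}

// Combine both checks into the outcome the web app would observe.
function diagnose(pageUrl, apiUrl, withCredentials, headers) {
  if (!cookieAttached(pageUrl, apiUrl, withCredentials)) {
    return '401: no session cookie sent';
  }
  if (!responseReadable(pageUrl, apiUrl, withCredentials, headers)) {
    return 'blocked: CORS headers do not permit credentials';
  }
  return 'ok';
}

// Constructed sample response headers.
const wildcard = { 'access-control-allow-origin': '*' };
const exact = { 'access-control-allow-origin': 'http://localhost:8080',
                'access-control-allow-credentials': 'true' };
console.log(diagnose(PAGE, API, false, wildcard));
console.log(diagnose(PAGE, API, true, wildcard));
console.log(diagnose(PAGE, API, true, exact));
```

The first case is the 401 from the question; the second is the failure that can follow once withCredentials is added but the server still answers with a wildcard origin.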