How to set up Management API confs


#1

Hi !

I have some trouble using the management API.

I think I have understood the process, but I can’t get it working.

Actually, I understand that each app (peatio, barong, applogic) should sign its data with its private key before sending it to the other app (e.g. applogic > peatio, for withdraws).
So, applogic should sign its data with its own private key and send it to peatio, which should verify the sender with applogic’s public key. Then peatio will answer applogic and sign the token with peatio’s private key, and applogic will verify it with peatio’s public key.

The problem is that I can’t find where to store the private key for each app.

I think I have misunderstood something.
Is the JWT_PUBLIC_KEY in application.yml related to the same key as in management_api_v1.yml?
Why (and how) is it possible to multisign a request?

Thank you


#2

Hello

JWT_PUBLIC_KEY is the public key used for barong authentication, while barong has the private part of the same key. It is not connected to the peatio management API.

The management API uses a separate JWT key.

To figure out how management API works

To figure out how to configure management API


#3

Hi ! Thank you for your answer.

First, thanks for the clarification about JWT_PUBLIC_KEY, but for the management API, what I don’t understand is where to store the private keys.

I understand that in management_api_v1.conf I should put the public keys, which will verify the signature. But where should I store the private keys for the signers?

For example, with applogic and peatio:

Applogic management_api_v1.yml:

  • Should store the public key from peatio + scopes

But on peatio, in management_api_v1.yml, I should put the public key from barong, but where should I store the private key which will sign data for applogic?

Thank you


#4

In applogic management_api_v1.yml you should store the private key.


#5

Hum ok, but it is not mentioned at all; there is only a reference to the public key, which is why I don’t understand. So I have to store public keys from signers + the private key of the current app in management_api_v1.yml?

Edit: OK, I succeeded. You should store public keys in peatio and barong management_api_v1.yml, and the private keys in applogic management_api_v1.yml.
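
The sign-and-verify split settled in the posts above, as an added example that is not part of the thread and not Peatio's or Barong's own code: the sender signs with its private key, and the receiver checks each signature against the public keys in its keychain, then applies the permitted_signers and mandatory_signers lists that appear in the config files later in this thread. It uses only Ruby's standard library and assumes the JWS JSON serialization (RFC 7515) as the wire format; the 'backoffice' signer, the payload fields and the run-time keys are constructed.

```ruby
require 'openssl'
require 'json'
require 'base64'

def b64(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Signer side (applogic in this thread): holds the PRIVATE key, adds one signature.
def sign(payload_b64, kid, private_key)
  prot = b64({ alg: 'RS256' }.to_json)
  sig = private_key.sign(OpenSSL::Digest.new('SHA256'), "#{prot}.#{payload_b64}")
  { 'protected' => prot, 'header' => { 'kid' => kid }, 'signature' => b64(sig) }
end

# Verifier side (peatio/barong): holds only PUBLIC keys plus the scope's signer lists.
# Returns the decoded payload, or raises ArgumentError when the rules are not met.
def verify(jws, keychain, scope)
  valid = jws['signatures'].map do |s|
    kid = s.dig('header', 'kid')
    key = keychain[kid]
    next unless key && scope[:permitted_signers].include?(kid)
    next unless JSON.parse(Base64.urlsafe_decode64(s['protected']))['alg'] == 'RS256'
    sig = Base64.urlsafe_decode64(s['signature'])
    kid if key.verify(OpenSSL::Digest.new('SHA256'), sig, "#{s['protected']}.#{jws['payload']}")
  end.compact
  missing = scope[:mandatory_signers] - valid
  raise ArgumentError, "no valid signature from: #{missing.join(', ')}" unless missing.empty?
  raise ArgumentError, 'no valid permitted signature' if valid.empty?
  payload = JSON.parse(Base64.urlsafe_decode64(jws['payload']))
  raise ArgumentError, 'token expired' unless payload['exp'].to_i > Time.now.to_i
  payload
end

# Constructed sample data: throwaway keys generated at run time, hypothetical key IDs.
KEYS = %w[applogic backoffice].map { |kid| [kid, OpenSSL::PKey::RSA.new(2048)] }.to_h
KEYCHAIN = KEYS.transform_values(&:public_key) # what the verifier's keychain holds
SCOPE = { permitted_signers: %w[applogic backoffice], mandatory_signers: %w[applogic] }.freeze

# Builds a request signed by every listed signer (multi-signature when more than one).
def build_request(signers, data)
  payload_b64 = b64(data.merge('exp' => Time.now.to_i + 60).to_json)
  { 'payload' => payload_b64,
    'signatures' => signers.map { |kid| sign(payload_b64, kid, KEYS[kid]) } }
end
```

Multiple signatures let the receiver require approval from more than one key holder for a scope: a request carrying only a permitted but non-mandatory signature is rejected.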


#6

Hi
I have peatio, barong and applogic working, but it seems I am doing something wrong in the keys and management_api_v1.yml.
I keep getting this error no matter what I change.
I generated keys for Peatio, Barong and applogic and put the public key as described above. How about the scopes?

peatio/config/initializers/jwt.rb:23:in `fetch': key not found: :scopes (KeyError)

I can understand

line 23

x.fetch(:scopes).values.each do |scope|
%i[permitted_signers mandatory_signers].each do |list|

It is looking for the list of scopes, but the list is there.
Can you describe in a few steps these keys and the proper scope? Is there any sample file other than "permitted_signers: ['backend-1.mycompany.example', 'backend-2.mycompany.example']"?


#7

Here is how I configured my files :

Peatio management_api_v1.yml

keychain:
    applogic:
        algorithm: RS256
        value: YOUR_PEATIO_PUBLIC_KEY
jwt: 
    verify_expiration: true
    verify_not_before: true
    verify_iss: false
    verify_iat: false
    verify_jti: false
    verify_aud: false
    verify_sub: false
    leeway: 0
    algorithms: ['RS256']

scopes:
    write_withdraws:
        permitted_signers: ['applogic']
        mandatory_signers: ['applogic']

Barong management_api_v1.yml

keychain:
    applogic:
        algorithm: RS256
        value: YOUR_BARONG_PUBLIC_KEY

jwt: 
    verify_expiration: true
    verify_not_before: true
    verify_iss: false
    verify_iat: false
    verify_jti: false
    verify_aud: false
    verify_sub: false
    leeway: 0
    algorithms: ['RS256']


scopes:
    otp_sign:
        permitted_signers: ['applogic']
        mandatory_signers: ['applogic']

Applogic management_api_v1.yml

barong:
  keychain:
    applogic:
      algorithm: RS256
      value: YOUR_BARONG_PRIVATE_KEY

  jwt: 
      verify_expiration: true
      verify_not_before: true
      verify_iss: false
      verify_iat: false
      verify_jti: false
      verify_aud: false
      verify_sub: false
      leeway: 0
      algorithms: ['RS256']

  actions:
     otp_sign:
      required_signatures:   ['applogic']
      requires_barong_totp:  true

peatio:
  keychain:
    applogic:
      algorithm: RS256
      value:  YOUR_PEATIO_PRIVATE_KEY
  jwt: 
      verify_expiration: true
      verify_not_before: true
      verify_iss: false
      verify_iat: false
      verify_jti: false
      verify_aud: false
      verify_sub: false
      leeway: 0
      algorithms: ['RS256']

  actions: 
    write_withdraws:
      required_signatures: ['applogic']
      requires_barong_totp:  true

I hope it will help you :wink:
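
A pre-start check for the verifier-side files (the Peatio and Barong ones above), added here as an example and not taken from Peatio's or Barong's code: it reports a missing scopes section (the condition behind the `key not found: :scopes` KeyError quoted earlier in the thread), signers without a keychain entry, and private key material or unreplaced placeholders in a keychain that should hold only public keys. It assumes key values are PEM text, optionally Base64-wrapped, and treats a mandatory signer that is not permitted as an error; both are assumptions of this example.

```ruby
require 'yaml'
require 'base64'

# PEM text of a keychain value, whether stored raw or Base64-wrapped (assumption).
def pem_text(value)
  value = value.to_s
  value.include?('-----BEGIN') ? value : Base64.decode64(value.tr('-_', '+/'))
end

# Returns a list of problems in a verifier-side (peatio/barong) management API config.
def lint_management_api(yaml_text)
  cfg = YAML.safe_load(yaml_text)
  cfg = {} unless cfg.is_a?(Hash)
  keychain, scopes = %w[keychain scopes].map { |k| cfg[k].is_a?(Hash) ? cfg[k] : nil }
  problems = []
  problems << 'missing section: keychain' unless keychain
  problems << 'missing section: scopes (initializer would raise KeyError)' unless scopes
  (keychain || {}).each do |kid, entry|
    pem = pem_text(entry.is_a?(Hash) ? entry['value'] : nil)
    if pem.include?('PRIVATE KEY')
      problems << "keychain.#{kid}: private key in a verifier config"
    elsif !pem.include?('PUBLIC KEY')
      problems << "keychain.#{kid}: value is not a PEM public key"
    end
  end
  (scopes || {}).each do |name, scope|
    scope = {} unless scope.is_a?(Hash)
    permitted = Array(scope['permitted_signers'])
    mandatory = Array(scope['mandatory_signers'])
    problems << "scopes.#{name}: permitted_signers is empty" if permitted.empty?
    ((permitted | mandatory) - (keychain || {}).keys).each do |s|
      problems << "scopes.#{name}: signer '#{s}' has no keychain entry"
    end
    (mandatory - permitted).each do |s|
      problems << "scopes.#{name}: mandatory signer '#{s}' is not permitted"
    end
  end
  problems
end

# Constructed sample: an unreplaced placeholder value and no scopes section.
SAMPLE = <<~YAML
  keychain:
    applogic:
      algorithm: RS256
      value: YOUR_PEATIO_PUBLIC_KEY
YAML

puts lint_management_api(SAMPLE)
```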


#8

That’s very helpful. I am sure this will also help many others. That error is gone and it looks like things worked.

I am still missing something somewhere, as I get this message:

(barong) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected


#9

Something is 100% wrong in my configuration; what actually could be wrong?

I am still stuck with this issue:
(barong) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

I changed these levels but it is still the same; I didn’t see the profile and fund page.
mysql> select * from levels ;
+----+-------+----------+--------------------------------------------+---------------------+---------------------+
| id | key   | value    | description                                | created_at          | updated_at          |
+----+-------+----------+--------------------------------------------+---------------------+---------------------+
|  1 | email | verified | User clicked on the confirmation link      | 2018-10-03 15:07:36 | 2018-10-03 15:07:36 |
|  2 | email | verified | User entered a valid code from sms         | 2018-10-03 15:07:36 | 2018-10-03 15:07:36 |
|  3 | email | verified | User personal documents have been verified | 2018-10-03 15:07:36 | 2018-10-03 15:07:36 |
+----+-------+----------+--------------------------------------------+---------------------+---------------------+
3 rows in set (0.00 sec)

I tried everything. I have everything else working; only this issue is left. Any idea what I am missing?


#10

Hi Anthony, I could not overcome this problem.