at_onboarding_cli 1.6.3 at_onboarding_cli: ^1.6.3 copied to clipboard
Dart tools for initial client onboarding, subsequent client enrollment, and enrollment management.
List of steps to run the examples for checking apkam enrollment
- Onboard an atsign which will get the privilege to approve/deny enrollments:
- run:
dart example/onboard.dart -a <atsign> -c <CRAM secret> -k <path_store_keys_file>
- e.g.
dart example/onboard.dart -a @alice -k /home/alice/.atsign/@alice_wavikey.atKeys -c b26455a907582760ebf35bc4847de549bc41c24b25c8b1c58d5964f7b4f8a43bc55b0e9a601c9a9657d9a8b8bbc32f88b4e38ffaca03c8710ebae1b14ca9f364
- If you do not already have the CRAM Secret for your atsign
run:
dart example/get_cram_key.dart -a <@atsign>
- run:
- Authenticate using the onboarded atsign:
- run:
dart example/apkam_examples/apkam_authenticate.dart -a <atsign> -k <path_of_keys_file_from_#1>
- e.g.
dart example/apkam_examples/apkam_authenticate.dart -a @alice -k /home/alice/.atsign/@alice_wavikey.atKeys
- run:
- Run client to approve enrollments:
- run:
dart example/apkam_examples/enroll_app_listen.dart -a <atsign> -k <path_of_keys_file_from_#1>
- e.g
dart example/apkam_examples/enroll_app_listen.dart -a @alice -k /home/alice/.atsign/@alice_wavikey.atKeys
- run:
- Get OTP for enrollment
- 4.1 Perform a PKAM authentication through the ssl client
- 4.1.1 Get the challenge from the atServer:
- run:
from:<@atsign>
e.g.from:@alice
- This generates a string which is called the challenge which will be used to generate the authentication token
- run:
- 4.1.2 Create a pkamSignature that can be used to authenticate yourself
- Clone at_tools from https://github.com/atsign-foundation/at_tools.git
- Change directory into 'at_tools/packages/at_pkam>'
- run:
dart bin/main.dart -p <keys_file_path> <from_response>
- e.g
dart bin/main.dart -p /home/alice/.atsign/@alice_wavikey.atKeys -r _70138292-07b5-4e47-8c94-e02e38220775@alice:883ea0aa-c526-400a-926e-48cae9281de9
- This should generate a hash, which is called the pkamSignature which will be used to authenticate into the atServer
- 4.1.3 Now that a pkamSignature is generated, use it to authenticate
run:pkam:enrollmentId:<enrollmentId>:<pkamSignature>
[enrollmentId - get it from the .atKeys file]
- 4.1.1 Get the challenge from the atServer:
- 4.2 Once authenticated run
otp:get
- Now copy the 6-digit alpha-numeric code which is the OTP
- 4.1 Perform a PKAM authentication through the ssl client
- Request enrollment
- 5.1 Submit enrollment from new client:
- run:
dart example/apkam_examples/apkam_enroll.dart -a <atsign> -k <path_to_store_keys_file> -o <otp>
- Note: this path has to be different from the path provided in Step#1 as this is a new file
- e.g.
dart example/apkam_examples/apkam_enroll.dart -a @alice -k /home/alice/.atsign/@alice_buzzkey.atKeys -o DY4UT4
- run:
- 5.2 Approve the enrollment from the client from #3
- To approve the enrollment type
yes
and then Enter
- To approve the enrollment type
- 5.3 Enrollment should be successful and atKeys file stored in the path specified
- 5.1 Submit enrollment from new client:
- Authenticate using the enrolled keys file
- 6.1 run:
dart example/apkam_examples/apkam_authenticate.dart -a <atsign> -k <path_of_keys_file_from_#5.1>
- Note: this keys file is different from the keys file generated in Step#1. This new file only has access to the data that is allowed to access from this enrollment_id
- 6.1 run: