at_onboarding_cli 1.8.0

Dart tools for initial client onboarding, subsequent client enrollment, and enrollment management.

example/README.md

Steps to run the examples that check APKAM enrollment

  1. Onboard an atsign which will get the privilege to approve/deny enrollments:
    • run: dart example/onboard.dart -a <atsign> -c <CRAM secret> -k <path_store_keys_file>
    • e.g. dart example/onboard.dart -a @alice -k /home/alice/.atsign/@alice_wavikey.atKeys -c b26455a907582760ebf35bc4847de549bc41c24b25c8b1c58d5964f7b4f8a43bc55b0e9a601c9a9657d9a8b8bbc32f88b4e38ffaca03c8710ebae1b14ca9f364
    • If you do not already have the CRAM secret for your atsign, run: dart example/get_cram_key.dart -a <@atsign>
  2. Authenticate using the onboarded atsign:
    • run: dart example/apkam_examples/apkam_authenticate.dart -a <atsign> -k <path_of_keys_file_from_#1>
    • e.g. dart example/apkam_examples/apkam_authenticate.dart -a @alice -k /home/alice/.atsign/@alice_wavikey.atKeys
  3. Run client to approve enrollments:
    • run: dart example/apkam_examples/enroll_app_listen.dart -a <atsign> -k <path_of_keys_file_from_#1>
    • e.g. dart example/apkam_examples/enroll_app_listen.dart -a @alice -k /home/alice/.atsign/@alice_wavikey.atKeys
  4. Get OTP for enrollment
    • 4.1 Perform a PKAM authentication through the ssl client
      • 4.1.1 Get the challenge from the atServer:
        • run: from:<@atsign> e.g. from:@alice
        • This generates a string, called the challenge, which will be used to generate the authentication token
      • 4.1.2 Create a pkamSignature that can be used to authenticate yourself
        • Clone at_tools from https://github.com/atsign-foundation/at_tools.git
        • Change directory into 'at_tools/packages/at_pkam'
        • run: dart bin/main.dart -p <keys_file_path> -r <from_response>
        • e.g. dart bin/main.dart -p /home/alice/.atsign/@alice_wavikey.atKeys -r _70138292-07b5-4e47-8c94-e02e38220775@alice:883ea0aa-c526-400a-926e-48cae9281de9
        • This should generate a hash, called the pkamSignature, which will be used to authenticate to the atServer
      • 4.1.3 Now that a pkamSignature is generated, use it to authenticate
        • run: pkam:enrollmentId:<enrollmentId>:<pkamSignature> (get the enrollmentId from the .atKeys file)
    • 4.2 Once authenticated run otp:get
      • Now copy the 6-digit alpha-numeric code which is the OTP
  5. Request enrollment
    • 5.1 Submit enrollment from new client:
      • run: dart example/apkam_examples/apkam_enroll.dart -a <atsign> -k <path_to_store_keys_file> -o <otp>
      • Note: this path has to be different from the path provided in Step#1 as this is a new file
      • e.g. dart example/apkam_examples/apkam_enroll.dart -a @alice -k /home/alice/.atsign/@alice_buzzkey.atKeys -o DY4UT4
    • 5.2 Approve the enrollment from the client from #3
      • To approve the enrollment type yes and then Enter
    • 5.3 Enrollment should be successful and atKeys file stored in the path specified
  6. Authenticate using the enrolled keys file
    • 6.1 run: dart example/apkam_examples/apkam_authenticate.dart -a <atsign> -k <path_of_keys_file_from_#5.1>
    • Note: this keys file is different from the keys file generated in Step#1. This new file only has access to the data that this enrollment_id is allowed to access
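
An added example (not part of the package's README or code) for step 4.1, in Python: it takes the raw reply to from:<@atsign>, checks that the challenge was issued for the expected atsign, and builds the at_pkam argv for 4.1.2 and the pkam: line for 4.1.3. The data: reply prefix, the enrollmentId JSON field name and the base64 form of the signature are assumptions; the function names are hypothetical.

```python
import json
import re

# Shape of the challenge in the README's step 4.1.2 example: _<uuid>@<atsign>:<uuid>
CHALLENGE_RE = re.compile(r"^_[0-9a-f-]{36}(@[^:\s]+):[0-9a-f-]{36}$")


def parse_challenge(from_response: str, atsign: str) -> str:
    """Return the bare challenge from the reply to `from:<@atsign>`."""
    line = from_response.strip()
    if line.startswith("data:"):  # assumption: reply may carry a data: prefix
        line = line[len("data:"):]
    match = CHALLENGE_RE.match(line)
    if match is None:
        raise ValueError("reply does not look like a from: challenge")
    if match.group(1).lower() != atsign.lower():
        raise ValueError("challenge was issued for a different atsign")
    return line


def read_enrollment_id(keys_json: str) -> str:
    """Extract the enrollmentId from the text of a .atKeys file."""
    # Assumption: the file is JSON with an "enrollmentId" field.
    enrollment_id = json.loads(keys_json).get("enrollmentId")
    if not enrollment_id:
        raise ValueError("keys file has no enrollmentId")
    return enrollment_id


def at_pkam_argv(keys_path: str, challenge: str) -> list:
    """Step 4.1.2 command as an argv list, so no shell quoting is involved."""
    return ["dart", "bin/main.dart", "-p", keys_path, "-r", challenge]


def pkam_line(enrollment_id: str, signature: str) -> str:
    """Step 4.1.3 line to send to the atServer."""
    sig = "".join(signature.split())  # drop line wraps picked up by copy/paste
    if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", sig):  # assumption: base64
        raise ValueError("signature is not base64 text")
    return f"pkam:enrollmentId:{enrollment_id}:{sig}"


if __name__ == "__main__":
    # Constructed inputs: the challenge is the one from the README's example.
    reply = ("data:_70138292-07b5-4e47-8c94-e02e38220775@alice:"
             "883ea0aa-c526-400a-926e-48cae9281de9\n")
    challenge = parse_challenge(reply, "@alice")
    print(" ".join(at_pkam_argv("/home/alice/.atsign/@alice_wavikey.atKeys", challenge)))
    keys = '{"enrollmentId": "constructed-enrollment-id"}'
    print(pkam_line(read_enrollment_id(keys), "QUJD\nREU="))
```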