Node Authentication

Follow

Blockdaemon has begun to roll out token based authentication as an additional layer of security.

To address privacy in blockchain transactions, you will now need to input the token along with the node URL when connecting.*

This additional layer of privacy protection is now in place on Ethereum and Bitcoin personal nodes, but will soon be rolled out to all nodes.

*found in your node dashboard action>connect menu

acrion_menu_connect.jpg

 

 

0 out of 0 found this helpful

Comments

9 comments
  • Hey Michael,

    Can you share more specifics with me about the issues you're seeing so I can port this to our QA and Dev team to investigate? Either here, or via email to to get it into our ticketing system.

    0
    Comment actions Permalink
  • Thanks Bill. Does that mean Blockdaemon nodes can only accept the auth token as a url param? Just looking to be clear. And can the auth token be toggled off for the node, so it's not required?

    To reply on the go source code front, it's definitely a limitation of the Stellar sdk. The go version does allow you to send arbitrary request URL paths to the node (https://github.com/stellar/go/blob/master/clients/horizonclient/client.go#L42), but that approach sacrifices the desired abstraction of the SDK itself. Meaning, I wouldn't be able to do simple requests like:

    ```
    horizonreq := horizonclient.AccountRequest{AccountID: address}
    sourceAccount, err := client.AccountDetail(horizonreq)
    ```

    Instead, I'd have to hack around the client.AccountDetail, etc. methods by explicitly calling `horizonreq.BuildURL()` and appending the Blockdaemon `?auth=...` query param manually.

    Ideally, if you could use the Blockdaemon auth token as a request header param, I could just have the auth header as a default param to be included in all requests to the node. This could be done by passing in a preset HTTP client to `&Client{...}` here: https://github.com/stellar/go/blob/master/clients/horizonclient/main.go#L114

    Thanks,
    Michael

    0
    Comment actions Permalink
  • Is there documentation on the format for the auth token as a request header? Right now (at least for Stellar shared) I'm only seeing including the token as a URL query param `?auth=...`.

    This is causing issues for me with client SDKs that format URLs without the query param auth assumption.

    Thanks!

    0
    Comment actions Permalink
  • thank you. ticket created and submitted to our team.

    0
    Comment actions Permalink
  • Does that mean Blockdaemon nodes can only accept the auth token as a url param? Just looking to be clear. And can the auth token be toggled off for the node, so it's not required?<<

    no, it cannot be toggled off, it is always required

    I will reach out to our engineering team to see if your alternate is possible.

    0
    Comment actions Permalink
  • Hi Michael,

    Info from one of our Dev team:

    "I keep looking at the source code and I keep seeing this
    https://github.com/stellar/go/blob/master/clients/horizonclient/client.go#L207 clients/horizonclient/client.go:207

    func (c *Client) setDefaultClient() {stellar/go | Added by GitHub

    Well, the sdk they might be trying to use cannot set it cause they are acting if they can set the auth token as a header param instead of a url param. That makes me think it is a limitation on the SDK they are trying to use."

    Still investigating but this is a start.

    0
    Comment actions Permalink
  • Hi Bill,

    Just following up on auth token headers, in case you've heard anything from engineering. Thanks again for the help!

    Best,
    Michael

    0
    Comment actions Permalink
  • Hey Bill,

    Thanks for getting back. Just using Stellar again as an example.

    When querying a Horizon node, I have to set the node URL as a config param in the initialization of the SDK client instance. In Go, looks something like this

    ```
    func initClient() *horizonclient.Client {
    client := horizonclient.DefaultTestNetClient
    client.HorizonURL = cfg.Horizon
    return client
    }
    ```
    where cfg.Horizon is the node URL I'm using, set in a config file. For Blockdaemon public shared testnet, I think it should be `cfg.Horizon = "https://stellar-test.bdnodes.net"`.

    But a simple `curl -v https://stellar-test.bdnodes.net` from the command line returns an HTTP 401 Unauthorized, hence the need for the auth query param Blockdaemon provides in Connect Step 2 of my node's dashboard (i.e. "https://stellar-test.bdnodes.net/?auth=...." returns HTTP 2xx)

    But the Stellar client SDK will ignore this `?auth=` query param when formatted URLs to hit Horizon endpoints, so my requests from the SDK client instance all fail with 401's. Ideally, I could simply set a request header "Authorization: Bearer " on the http client the Stellar SDK client instance takes in, instead of worrying about a query param.

    Let me know if that helps to clarify the issue.

    Thanks,
    Michael

    0
    Comment actions Permalink
  • Yes, Blockdaemon nodes can only accept the auth token as a url param.

    0
    Comment actions Permalink

Please sign in to leave a comment.