I am planning to allow access to Smart Contract deployed into a Hyperledger Fabric blockchain network. I was able to create the network, install the contracts and use fabric-sdk-java to access the blockchain network (propose and submit transactions).
The problem is that all transaction are build using a single configured Identity (both certificate and private key).
To clarify, my REST application has a configuration file where is define
user.singcert.file = ... some local file ...
user.privatekey.file = ... some local file ...
I would wish that the user acessing the REST API would provide credentials and the proposed transaction would the signed using something based on this credentials, withou need to expose the private key.
Is there any approach to achieve this? Am I missing something?
After thinking a little about the problem, it have got an idea:
I can use OAuth2 authentication with Password Flow. The user will provide a password and this password will be used in conjunction with Fabric CA to get the user enrollment. I will also use a Custom encoded token with that Fabric CA enrolment code, among other data, allowing only the user know that password.