Auth Service is a general Auth service provided by ABT Node for Blocklet.
Blocklet can be declaratively enabled and configured Auth Service in
Auth Service includes the following main capabilities:
- Set accessible after login
- Set accessible after authorization
- Set invitation login or open login
static-demo-blocklet is an html5 game that can be run on ABT Node. The following will introduce how to make a static-demo-blocklet with Auth capability (login protection)
- Prerequisites: Install and run ABT Node v1.2.0 or higher locally
- Download the project source code html-2048-sample
blocklet.ymlin the project root directory, find the interface whose name is publicUrl, and add the Auth Service configuration
interfaces: - type: web name: publicUrl path: / prefix: '*' port: BLOCKLET_PORT protocol: tcp + services: + - name: '@abtnode/auth-service'
blocklet bundlein the project root directory. After successful execution, you will see the successfully created blocklet bundle in
linchen@LinkdeMacBook-Pro html-2048-sample % blocklet bundle ℹ Bundling in zip mode for blocklet static-demo-blocklet... ✔ Creating blocklet bundle in .blocklet/bundle... Done in 0.018s ✔ Blocklet firstname.lastname@example.org is successfully bundled!
blocklet deploy .blocklet/bundlein the project root directory to publish the blocklet bundle to the locally running ABT Node.
linchen@LinkdeMacBook-Pro html-2048-sample % blocklet deploy .blocklet/bundle ℹ Try to deploy blocklet from /Users/linchen/code/blocklet/html-2048-sample/.blocklet/bundle to Local ABT Node ℹ Node did from config zNKqGAvUzcCowxtNA5r5gKQYUm2hR4X2SE2o ℹ Load config from /Users/linchen/code/arcblock/andata/.abtnode/abtnode.yml ✔ Blocklet email@example.com was successfully deployed!
- Start Static Demo in ABT Node dashboard
- When you visit Static Demo, you will see the login page, which means that Static Demo already has the Auth capability.
- After the login is successful, you will successfully see the game page. At this point, you will see the information of the logged-in user in the ABT Node dashboard.
https://github.com/blocklet/auth-demo: Implement login, logout, display user information, authentication and authorization functions based on Auth Service
Enable Auth Service by configuring in
blocklet.yml, under the interface that needs to start Auth Service
interfaces: - type: web name: xxxx # ... other interface config services: - name: '@abtnode/auth-service' - config: # ...
interfaces: - type: web name: publicUrl # ... other interface config services: - name: '@abtnode/auth-service' config: invitedUserOnly: no profileFields: - fullName - email - avatar webWalletUrl: https://web.abtwallet.io ignoreUrls: - /public/** blockUnauthenticated: true blockUnauthorized: false
invitedUserOnly: Is only invited users are allowed to login?
- default: no
profileFields: What info do you want user to provide when login?
- default: [fullName, email, avatar]
blockUnauthenticated: Do you want Auth Service block unauthenticated requests for you?
- default: true
blockUnauthorized: Do you want Auth Service block unauthorized requests for you?
- default: false
ignoreUrls: Which URLs do not need to be protected?
- default: none
webWalletUrl: The URL of your preferred web wallet instance
- default: https://web.abtwallet.io
After Auth Service is enabled, Auth Service will automatically intercept requests that are not logged in and jump to the Auth Service login page.
If Blocklet wants to handle unlogged requests by itself, it can be configured as follows:
interfaces: - type: web name: xxxx # ... other interface config services: - name: '@abtnode/auth-service' config: blockUnauthenticated: false
After enabling Auth Service, Auth Service will not automatically intercept unauthorized requests. Blocklet needs to handle it by itself.
If Blocklet wants Auth Service to automatically intercept unauthorized requests, you can do the following configuration:
interfaces: - type: web name: xxxx # ... other interface config services: - name: '@abtnode/auth-service' config: blockUnauthorized: true
After setting the Auth Service automatic interception, you need to bind the corresponding interface permissions for the user in the ABT Node dashboard.（The permission control of ABT Node is based on RBAC）
Configure invitation login or open login via
interfaces: - type: web name: xxxx # ... other interface config services: - name: '@abtnode/auth-service' config: invitedUserOnly: yes
- no: Open login (default)
- yes: Only log in via invitation link
- not-first: Only the first login user does not need to go through the invitation link