7.3. Logging in with a login key

To log in with a Blockchain key, the following happens:

  • User requests a challenge phrase from the BDTS app
  • The phrase is locally signed using the private key
  • The signed message is sent to the server
  • The server verifies the signature on the blockchain using the smart contract
  • The user receives an OAuth token, which is used for further requests

Example:

Request the challenge:

# Get the challenge
curl -s -L https://app.smartbl.io/api/v1/challenge/

Response:

{
    "challenge_string": "cHoPMZxRry_hnhXnmRofKHJGKgU"
}

Now sign the challenge locally using web3 and log in using the signed challenge:

# username is the public Ethereum address of the key
# password is the hex-encoded signed challenge
# Each --data field is passed separately; curl joins them with "&"
curl -s https://client_id:[email protected]/oauth/token/ \
    --data "scope=read%20write" \
    --data "username=0xc1B8C5fFe3e21060d6Bd23e331043d8F02a560dA" \
    --data "password=0xaa6ab9b32f5ecdd7a209c016e3a76f85d7ed646975f3eee959b2f5ebc958208b252d22d90ae7f694b473d13ab155211e46958c0615ec52878dfd7c9fc42cfa9501" \
    --data "grant_type=password"

Response:

{
    // Token expiry time
    "expires_in": 600,
    // Refresh token
    "refresh_token": "cU8PqVszJXX8A3bzFWKjMUfJK3nXXB",
    // Access token to be sent in the header "Authorization: Bearer <token>"
    "access_token": "WlMxwPLaAG3krmvJxyzkSiVgIGaPIdH",
    // Token type. Currently only “Bearer” is available
    "token_type": "Bearer",
    "scope": "read write"
}
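
The login request above carries the signed challenge as one 130-character hex string, which is easy to truncate or wrap when copied. The following is an added example, not part of the original documentation or the BDTS code base: it checks the shape of the username and password fields and builds the form-encoded body. It assumes the usual Ethereum r || s || v signature layout, and the function names are hypothetical.

```python
import re
from urllib.parse import quote, urlencode

# Order of the secp256k1 group used by Ethereum keys.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def parse_signature(hex_sig):
    """Split a 65-byte signature into (r, s, v); assumes the r || s || v layout."""
    if not re.fullmatch(r"0x[0-9a-fA-F]{130}", hex_sig):
        raise ValueError("expected 0x followed by 130 hex characters (65 bytes)")
    raw = bytes.fromhex(hex_sig[2:])
    r = int.from_bytes(raw[:32], "big")
    s = int.from_bytes(raw[32:64], "big")
    v = raw[64]
    if not (0 < r < SECP256K1_N and 0 < s < SECP256K1_N):
        raise ValueError("r and s must be in the range 1..n-1")
    if v not in (0, 1, 27, 28):
        raise ValueError("unexpected recovery id")
    return r, s, v


def is_low_s(s):
    """True when s is in the lower half of the group order (the non-malleable form).

    Whether this server enforces low-s is not stated on the page.
    """
    return s <= SECP256K1_N // 2


def build_login_body(address, hex_sig, scope="read write"):
    """Return the form-encoded body for the password grant shown above."""
    if not re.fullmatch(r"0x[0-9a-fA-F]{40}", address):
        raise ValueError("username must be a 20-byte Ethereum address")
    parse_signature(hex_sig)  # raises on a truncated or malformed signature
    fields = {"scope": scope, "username": address,
              "password": hex_sig, "grant_type": "password"}
    return urlencode(fields, quote_via=quote)  # encodes the space as %20


# Values copied from the request on this page.
ADDRESS = "0xc1B8C5fFe3e21060d6Bd23e331043d8F02a560dA"
SIGNATURE = ("0xaa6ab9b32f5ecdd7a209c016e3a76f85d7ed6469"
             "75f3eee959b2f5ebc958208b252d22d90ae7f694b4"
             "73d13ab155211e46958c0615ec52878dfd7c9fc42c"
             "fa9501")

if __name__ == "__main__":
    print(build_login_body(ADDRESS, SIGNATURE))
```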