🚀
Energy Web X Ecosystem
  • Energy Web X Ecosystem
  • Documentation Overview
  • Core Concepts
    • Energy Web Chain
    • Energy Web X
    • Energy Web Tokens
      • Token Lifting
      • Token Lowering
    • Worker Nodes and Worker Node Networks
      • Server-based Worker Node
      • Marketplace App (desktop-based)
    • Worker Node Operator
    • Smart Flows and Groups
    • Subscription
    • Reward Period
    • Voting and Consensus
    • Ethereum
      • Transactions and Transaction Costs
    • Decentralized Identifiers (DIDs)
  • EWC ECOSYSTEM
    • Energy Web Chain
      • System Architecture
        • Proof-of-Authority Consensus Mechanism
        • System Contracts
          • Name registry
          • Holding Contract
          • Block Reward Contract
          • Validator-Set Contract
        • Validator Node Architecture
      • Energy Web Block Explorer
      • Energy Web Chain Governance & Validators
    • Energy Web Tokens
  • EWX ECOSYSTEM
    • Energy Web X
    • EWX: Architecture
    • Pallets
      • Worker Node Pallet
      • Balances Pallet
      • Proxy Pallet
      • XCM Pallet
      • Assets Pallet
      • Multisig Pallet
      • Scheduler Pallet
      • Preimages Pallet
      • Offences Pallet
      • Eth-Bridge Pallet
      • Token-Manager Pallet
      • Ethereum-events pallet
      • Avn Pallet
    • Worker Nodes
      • 🖥️The Marketplace App
        • Operator and Worker Accounts
          • Creating an operator account
          • Funding an operator account
          • Connecting to operator account
          • Disconnecting an operator account
          • Creating a worker account
          • Importing worker account
          • Exporting worker account
          • Linking a worker account to an operator account
          • Unlinking a worker account from an operator account
        • How to use Ledger on Marketplace App
        • Token Management
          • Creating an EWC account
          • Managing EWC accounts
          • Lifting tokens
          • Lowering tokens
          • Tracking lifting and lowering transactions
          • Checking EWT balance
        • Subscriptions
          • Subscribing to a solution group
          • Topping-up subscription amount
          • Managing subscriptions
          • Unsubscribing from a solution group
          • Unsubscribing delay
        • Worker Node and Rewards
          • Configuring remote worker node
          • Switching worker node location to remote
          • Participating into worker node network
          • Votes casted per Period
          • Reward Period
          • Checking rewards
          • Claiming rewards
        • FAQ: Marketplace App
        • Location Services
      • 🗄️Server-based Worker Nodes
        • Deployment Guide
        • Bootstrapping Server-based Worker Node Accounts
        • FAQ: Server-based Worker Nodes
      • Worker Node use cases
        • Sample Enterprise Use-Cases
          • Operating Envelopes Partitioning
          • ZEL Request Partitioning
          • Green Proofs
            • SAFc
            • Green Proofs for Bitcoin (GP4BTC)
            • Green Proofs as a Service (GPSaaS)
            • Green Proofs for Electrical Vehicles (GP4EV)
  • ENERGY SOLUTIONS
    • Green Proofs by Energy Web
      • Green Proofs Overview
      • Green Proofs Architecure
      • Green Proofs Software Stack
      • Use Cases and Reference Implementations
        • 24x7 Renewable Electricity
        • Sustainable Aviation Fuel
        • Green Proofs for Bitcoin
          • GP4BTC Miner Guide
        • Decarbonizing Shipping
        • Green Proofs for Electrical Vehicles
        • Green Proofs as a Service (GPSaaS)
    • Digital Spine by Energy Web
      • Design and Architecture
      • Component Guides
        • Energy Web Name Service (ENS)
        • Self-Sovereign Identities
          • SSI-Hub
          • Technical Guide
            • Organizations
            • Applications
            • Roles and IAM
          • Deployment Guide
            • Deploy Identity Cache Server
            • Deploy Switchboard
        • DDHub Message Broker
          • Technical Guide
            • Authentication and Authorization
            • Topics
            • Messaging
          • Deployment Guide
            • Deploy DID Auth Proxy
            • Deploy Message Broker
        • DDHub Client Gateway
          • Technical Guide
            • Authentication and Authorization
              • Key Vault
            • Client Gateway Identity and VCs
            • Address Book
            • Topics
            • Channels
            • Integration Options
            • Messaging
          • Deployment Guide
            • Launchpad SaaS
            • Azure Marketplace
            • Self-Hosted
              • Deploy with Kubernetes
              • Deploy with Docker
            • Key Vault
              • Deploy with HashiCorp Key Vault
              • Deploy with Azure Key Vault
              • Deploy with AWS Secrets Manager
            • Rebranding and Whitelabelling
Powered by GitBook
On this page
  • Overview
  • User Guide
  • Pre-requisites
  • Setting up user authentication
  • Assigning a DID
  • Re-assigning a new DID
  1. ENERGY SOLUTIONS
  2. Digital Spine by Energy Web
  3. Component Guides
  4. DDHub Client Gateway
  5. Technical Guide

Authentication and Authorization

Overview

The Client Gateway offers flexible user authentication, allowing enterprises to decide whether to enable or bypass user-specific authentication based on their operational requirements.

For organizations choosing to implement user authentication, the Client Gateway supports two primary user scopes:

  1. Admin Scope

    • Provides full access to the configuration and management of the Client Gateway.

    • Admins can define message topics, manage storage, monitor scheduled tasks, and configure security settings.

    • They are responsible for maintaining the overall operation and performance of the CGW.

  2. Message Scope

    • Limited to sending, receiving, and processing messages through the Client Gateway.

    • Users with this scope can interact with defined message topics but do not have access to system configuration or administrative tasks.

The Client Gateway uses a Self-Sovereign Identity (SSI) key called a DID (Decentralized Identifier) to securely represent the gateway itself rather than individual users. Operational roles for the gateway are directly encoded in the DID.

User Guide

Pre-requisites

  • An environment suitable to deploy a fresh Client Gateway

  • A DID with roles assigned through Deploy Switchboard

  • A deployed Key Vault to store secrets

Setting up user authentication

To enable user authentication, the Client Gateway must be deployed with the following environment variables:

ENV_1=
ENV_2=

User credentials can then be stored manually in the deployed Key Vault.

Assigning a DID

Once an Admin scoped user logs into a fresh Client Gateway, there will be a form field to assign a DID to it. Once submitted, the backend service will sync all roles for the identity.

[Image here]

Re-assigning a new DID

In the overview section of the Client Gateway, there is a section to manage the currently assigned DID. Press the button as shown below to clear the current DID in order to assign a new one.

[Image here]

PreviousTechnical GuideNextKey Vault

Last updated 1 month ago