Hello, recently concordium has switched to the new GRPCv2 API’s. These doesn’t support password authentication but X509 certification authentication as I’m seeing from the help file. (CONCORDIUM_NODE_GRPC2_X509_CERT or CONCORDIUM_NODE_GRPC2_CERT_PRIVATE_KEY).
This isn’t officially documented… I’m not finding how to use this with concordium official’s nodejs sdk [createConcordiumClient].
Moreover, both getBlockSummary (function) and transactionSummaries (list) are deprecated and I’m not finding a function which can replace it, the upgrading from v1 to v2 guide advices to use another function which provide only a portion of getBlockSummary result. What I have to use in order to successfully switch to grpc v2?
Regarding getBlockSummary, the documentation in migration is indeed lacking.
But the relevant other functions are
- getBlockTransactionEvents
- getBlockSpecialEvents
- getBlockFinalizationSummary
- getBlockPendingUpdates
The first gets you outcomes of transactions, the second is used for rewards.
Regarding certificates, those options are for the node. You have to generate a certificate and start your node with the certificate and private key. Then you have to create a client with SSL support as documented here concordium-node-sdk-js/packages/nodejs at main · Concordium/concordium-node-sdk-js · GitHub
The two configuration options should point to a PEM encoded certificate and private key.
My question is not about on how to setup SSL but regarding a sort of authentication.
With GRPCv1 we had metadata (authentication header) which supported a passphrase in order to access endpoints which has been deprecated in V2 and I don’t find how to “replace” it.
Grpc itself does support mutual tls, how can I do that in concordium?
There is no authentication of clients in V2 API at present. The authentication in V1 API was not secure, so we did not deem it useful to port that authentication.
It would not be hard to add client certificate verification (i.e., you can tell the node to verify client certificates against a specific certificate) using the existing infrastructure. Would this suffice for your use-case?
yes client certificate authentication would fit, just I don’t know how to enable it in the right way.
I tried to write this in the previous response, but it is not supported at the moment.
We can add it to the next release which would be probably be mid April.
1 Like