quorum-board#197: add qlight token manager plugin (#224)

* QLight Token Manager plugin usage * changes * Apply suggestions from code review * move qlight token manager doc to the conf doc file * TW edits Co-authored-by: Roland Tyler <[email protected]>
Consensys · May 16, 2022 · f49d63c · f49d63c
1 parent 94a42a9
commit f49d63c
Showing 1 changed file with 61 additions and 0 deletions.
diff --git a/docs/configure-and-manage/configure/qlight-node.md b/docs/configure-and-manage/configure/qlight-node.md
@@ -52,3 +52,64 @@ Specify a refresh mechanism for the token using [`--qlight.client.token.manageme
 
 You can add an encryption layer on the qlight client-server communication.
 Configure the encryption layer using the [`qlight.tls.*`](../../reference/cli-syntax.md#qlighttls) command line options.
+
+## Configure the `client-security-plugin` mode
+
+In this mode, the configured Go-Quorum plugin is called when the token expiry is reached.
+You can configure and even develop your own implementation of this plugin.
+
+The plugins are in the ConsenSys repository and are downloaded automatically to the plugins directory.
+
+You can provide your own plugin implementation. Refer to the [use of plugin with the hello world tutorial](../../tutorials/use-plugin.md) and follow the same steps with the following projects:
+
+- [ProtoBuf model](https://github.com/ConsenSys/quorum-plugin-definitions/blob/master/qlight-token-manager.proto) - GoQuorum plugins are based on the Hashicorp plugin model, this is a gRPC model for the communication interaction.
+
+- [QLight Token Manager Plugin SDK in Go](https://github.com/ConsenSys/quorum-qlight-token-manager-plugin-sdk-go) - The model is pre-compiled as an SDK you can refer to, so you can develop your own implementation.
+
+- [GoQuorum Qlight Token Manager Plugin](https://github.com/ConsenSys/quorum-plugin-qlight-token-manager) - The Go-Quorum implementation using the Ory Hydra OAuth server.
+
+You can refer to the [QLight Client with Token Manager Plugin](https://github.com/baptiste-b-pegasys/quorum-examples/pull/1/files#diff-f1ae6238d92e0b4f764eede62765302b1cfffee7e9a971a48ee97354b57b9686) Docker-compose file in the GoQuorum examples.
+
+### Steps
+
+1. Configure the plugins (`plugins/geth-plugin-settings.json`)
+
+    ```json
+    {
+    "baseDir": "./plugins",
+    "providers": {
+    "qlighttokenmanager": {
+        "name":"quorum-plugin-qlight-token-manager",
+        "version":"1.0.0",
+        "config": "file://./plugins/qlight-token-manager-plugin-config.json"
+    },
+    "helloworld": {
+        "name":"quorum-plugin-hello-world",
+        "version":"1.0.0",
+        "config": "file://./plugins/hello-world-plugin-config.json"
+    }
+    }
+    }
+    ```
+
+2. Configure the qlight token manager (`plugins/qlight-token-manager-plugin-config.json`)
+
+    ```json
+    {
+        "url":"https://multi-tenancy-oauth2-server:4444/oauth2/token",
+        "method":"POST",
+        "parameters":{
+            "grant_type":"client_credentials",
+            "client_id":"${PSI}",
+            "client_secret":"foofoo",
+            "scope":"rpc://eth_* p2p://qlight rpc://admin_* rpc://personal_* rpc://quorumExtension_* rpc://rpc_modules psi://${PSI}?self.eoa=0x0&node.eoa=0x0",
+            "audience":"Node1"
+        }
+    }
+    ```
+
+3. Enable the plugins configuration in the geth arguments
+
+    Add the flag `--plugins file://./plugins/geth-plugin-settings.json --plugins.skipverify` so GoQuorum enables them.
+
+    (`skipverify` will skip the verification of the plugins integrity)