search
WebsiteGitHubMarketplace

Authentication & authorization

Once your lab app is reachable through a secure remote desktop session, the next step is to integrate a control layer that decides who is allowed to access it, when, and to which specific lab. This is where DecentraLabs' authentication and authorization system comes into play.

To ensure secure, automated, and verifiable access management, DecentraLabs provides the blockchain-services component, available as open source at DecentraLabsCom/Blockchain-Servicesarrow-up-right. This component acts as the bridge between:

  • ✅ the lab gateway's reverse proxy managing incoming remote desktop sessions, and

  • 🔗 the blockchain smart contracts that govern lab reservations and permissions.

hashtag
What does it do?

When a user connects to a lab through the marketplace and initiates a session, the blockchain-services authentication module performs two critical tasks:

  1. Authentication It verifies the identity of the user via their Web3 wallet or federated login (e.g., through eduGAIN or RedIRIS).

  2. Authorization It checks whether the user has a valid reservation for a specific lab (based on the smart contracts on-chain) and determines:

    • If access should be granted

    • Which lab instance should be routed

    • When the access period starts and ends

Once validated, the blockchain-services authentication module issues a signed JWT token containing all the necessary information (lab ID, user ID, time window, etc.), which is used by the lab gateway to allow or deny access accordingly. This architecture ensures that only authorized users can access specific labs, within their allocated time slots, all with full auditability and blockchain-backed verification.

hashtag
Summary of the Flow

  1. A user reserves a lab through the DecentraLabs marketplace and the booking gets recorded onchain.

  2. At the scheduled time, they request access.

  3. The blockchain-services authentication module validates their identity and booking on-chain.

  4. If valid, it issues a signed JWT.

  5. The lab gateway receives the JWT, validates it, and opens the remote desktop session for the corresponding lab.

PreviousEnable your lab for online accessNextRegister as a provider

Last updated