I already created a business network using hyperledger composer and I created a simple web app for adding participants and submitting transactions through web interface by u
see https://github.com/hyperledger/composer-sample-networks/blob/v0.16.x/packages/trade-network/test/trading.js#L21 but use FileSystemCardStore instead of MemoryCardStore - we have an issue on documentation for this right now - https://github.com/hyperledger/composer/issues/3088 the general flow is :
Issue identity, businessNetworkConnection.issueIdentity(NS + '#' + userData.id, userData.user); .... var userCard = new IdCard({...}); userCard.setCredentials(credentials); ...
Import Card: adminConnection.importCard(userCardName, userCard); .... .then(() => { //
Connect to the business network: (using the blockchain identity ...
businessNetworkConnection = new BusinessNetworkConnection({ cardStore: cardStore });
businessNetworkConnection.connect(userCardName); } ...
For all subsequent connects from that user (eg. from the web application he/she is logged into) :
bizNetworkConnection.connect(`${cardName})
ON user registration bit, once you received the registration payload, you can use Composer to create a participant and composer (blockchain) identity for that user - then create the card as above, connect to it (to get the certificate downloaded) then export that card, to be shared with the user that just registered. Using REST you can import the card (that has a connection profile that knows how to connect to the Composer runtime) then they can interact with the business network.
Do user registration / authentication, don't have samples (others may answer in time)..
where cardname is for example the user id or email address, and execute whatever data changes or transactions you want.
So for example for POST /items when using JWT:
On authentication, obviously REST Server endpoints can be secured (with connect gateways secured for outward consumption). Have you considered using JWT as a strategy and/or considered Node-Red for registration/auth flow ?
Anyway these resources may help give you some insights:
https://medium.freecodecamp.org/securing-node-js-restful-apis-with-json-web-tokens-9f811a92bb52
https://www.compose.com/articles/authenticating-node-red-with-jsonwebtoken/
hope this helps.