mirror of https://github.com/digital-asset/daml.git synced 2024-09-20 01:07:18 +03:00

History

Simon Meier 2640bc6ab7 user management: require appropriate scope in user access tokens (#12428 ) * user management: require `daml_ledger_api` scope in user access tokens The accesss token's scope must include `daml_ledger_api` to ensure that access token was issued for accessing the Daml ledger api. CHANGELOG_BEGIN CHANGELOG_END		2022-01-18 13:01:47 +00:00
..
src	user management: require appropriate scope in user access tokens (#12428 )	2022-01-18 13:01:47 +00:00
BUILD.bazel	update copyright headers (#12240 )	2022-01-03 16:36:51 +00:00
README.md	Move AuthService (#3272 )	2019-10-29 15:46:43 +00:00

Ledger API authorization

General authorization in gRPC

An Interceptor reads HTTP headers, and stores relevant information (e.g., claims) in a Context.

GRPC services read the stored data from the Context in order to validate the requests.

The AuthService defines an interface for decoding HTTP headers into Claims.

The ledger API server takes an AuthService implementation as an argument.

The ledger API server uses a call interceptor and the given AuthService implementation to to store decoded Claims in the gRPC Context.

All ledger API services use the Claims to validate their requests.