digital-asset/daml
1
1
Fork 0
mirror of https://github.com/digital-asset/daml.git synced 2024-09-20 17:28:46 +03:00
Code Issues Projects Releases Wiki Activity
2b3693bf4d
daml/ledger/ledger-api-auth
History
Robert Autenrieth bf2098f038
Check ledger and participant ID in claims (#3781) 
* Add ledger and participant ID to claims

CHANGELOG_BEGIN
- [Ledger] AuthService implementations can now restrict the validity of access tokens to a single ledger or participant.
- [Sandbox] The sandbox JWT authentication now respects the ledgerId and participantId fields of the token payload.

CHANGELOG_END

* Add tests for ledger and participant in claims

* Address review comment

* Address review comment

* Fix tests

* Fix tests
2019-12-09 17:55:17 +01:00
..
src Check ledger and participant ID in claims (#3781) 2019-12-09 17:55:17 +01:00
BUILD.bazel ledger-api-scala-logging: Fix errors in IntelliJ IDEA. (#3785) 2019-12-09 16:02:59 +00:00
README.md Move AuthService (#3272) 2019-10-29 15:46:43 +00:00

README.md

Ledger API authorization

General authorization in gRPC

An Interceptor reads HTTP headers, and stores relevant information (e.g., claims) in a Context.

GRPC services read the stored data from the Context in order to validate the requests.

Authorization in the ledger API

The AuthService defines an interface for decoding HTTP headers into Claims.

The ledger API server takes an AuthService implementation as an argument.

The ledger API server uses a call interceptor and the given AuthService implementation to to store decoded Claims in the gRPC Context.

All ledger API services use the Claims to validate their requests.