mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-19 16:57:40 +03:00
97433743a1
* Set the `Bearer ` prefix in bindings. * Make the `Bearer ` prefix in the authorization header mandatory. * Bearer prefix can be removed from the token file. CHANGELOG_BEGIN [Extractor]: The ``Bearer `` prefix can be removed from the token file. It is added automatically. [Navigator]: The ``Bearer `` prefix can be removed from the token file. It is added automatically. [DAML Script] The ``Bearer `` prefix can be removed from the token file. It is added automatically. [DAML Repl] The ``Bearer `` prefix can be removed from the token file. It is added automatically. [Scala Bindings] The ``Bearer `` prefix can be removed from the token. It is added automatically. [Java Bindings] The ``Bearer `` prefix can be removed from the token. It is added automatically. [DAML Integration Kit] ``AuthService`` implementations MUST read the ``Authorization`` header and the value of the header MUST start with ``Bearer ``. CHANGELOG_END |
||
|---|---|---|
| .. | ||
| src | ||
| BUILD.bazel | ||
| README.md | ||
Ledger API authorization
General authorization in gRPC
An Interceptor reads HTTP headers, and stores relevant information (e.g., claims) in a Context.
GRPC services read the stored data from the Context in order to validate the requests.
Authorization in the ledger API
The AuthService defines an interface for decoding HTTP headers into Claims.
The ledger API server takes an AuthService implementation as an argument.
The ledger API server uses a call interceptor and the given AuthService implementation to to store decoded Claims in the gRPC Context.
All ledger API services use the Claims to validate their requests.