The Daml smart contract language
Andreas Herrmann 90dc3a5669
Implement token refresh in auth middleware (#7981)
* Obtain refresh token from Auth0

Auth0 requires the `offline_access` scope to be set to return a refresh
token.

See https://auth0.com/docs/tokens/refresh-tokens/get-refresh-tokens

Additionally, the `audience` claim needs to be set to obtain a JWT
access token and a refresh token.

See https://auth0.com/docs/tokens/refresh-tokens

changelog_begin
changelog_end

* Implement refresh endpoint on auth middleware

Following the refresh spec [1] and Auth0 documentation [2].

[1]: https://tools.ietf.org/html/rfc6749#section-6
[2]: https://auth0.com/docs/tokens/refresh-tokens/use-refresh-tokens

* Adapt Auth0 example configuration

Ignore any requests outside the ledger-api audience.

Don't throw on missing query fields. Otherwise the unhandled exception
would prevent unrelated requests from succeeding. E.g. token refresh
requests would always fail.

* Forward unauthorized/forbidden response on refresh

* re-use precomputed token payload

* Implement token refresh in auth test server

Reuses the association between authorization code and token payload to
associate refresh tokens and token payload.

Adds an expiry to the generated token to make tokens distinguishable
across refresh.

* obtain refresh token in test client

* Test auth server refresh token

* auth test server clock configurable

The clock used to define token expiry is configurable

* Override default clock in test fixture

* implement an adjustable clock

* Test token refresh with adjustable clock

* Test token expiry on /auth backend

* Test case for auth middleware /refresh endpoint

* handle malformed code/refresh token in auth server

* Forward client errors on middleware refresh

* Test middleware refresh failure

* Clarify meaning of offline access

* Remove redundant testing only comment

Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>
2020-11-17 12:06:42 +00:00
.github ADD: Change most Slack references to forum references where appropriate (#6071) 2020-05-26 09:26:53 -04:00
.vscode open-sourcing daml 2019-04-04 09:33:38 +01:00
3rdparty update copyright notices to 2020 (#3939) 2020-01-02 21:21:13 +01:00
bazel_tools Add libstdc++ and ws2_32 to base on Windows (#7849) 2020-10-30 15:37:20 +01:00
build-scripts DEL-8132 extract DAML LF haskell libraries (scripted) (#7246) 2020-09-01 12:09:26 +10:00
ci update docker image description (#7915) 2020-11-06 16:39:16 +01:00
compatibility sandbox: fail on already existing port-file. (#7929) 2020-11-17 11:08:37 +01:00
compiler sandbox: fail on already existing port-file. (#7929) 2020-11-17 11:08:37 +01:00
daml-assistant sandbox: fail on already existing port-file. (#7929) 2020-11-17 11:08:37 +01:00
daml-lf When computing blinding info, divulge to choice-observers. (#7970) 2020-11-16 16:35:31 +00:00
daml-script sandbox: fail on already existing port-file. (#7929) 2020-11-17 11:08:37 +01:00
dev-env Update vcredist (#7843) 2020-10-29 17:14:22 +00:00
docs Make application ID configurable in trigger service (#7974) 2020-11-17 10:25:30 +01:00
extractor resources: Customizable contexts. (#7678) 2020-10-20 09:26:28 +00:00
ghc-lib update instructions for working with ghc-lib (#7958) 2020-11-17 10:02:19 +00:00
infra document how to kill nodes (#7782) 2020-10-22 15:44:48 +02:00
language-support daml ledger: add a max-inbound-message-size flag for grpc (#7954) 2020-11-13 00:16:06 +00:00
ledger [KV integrity check] Fix: use the configured jdbc URL when indexing (#7982) 2020-11-17 12:38:10 +01:00
ledger-api Documented gRPC error codes returned by the API server (#7844) 2020-11-05 16:12:43 +01:00
ledger-service Dedup parties in JwtPayload (#7973) 2020-11-16 19:28:11 +01:00
libs-haskell sandbox: fail on already existing port-file. (#7929) 2020-11-17 11:08:37 +01:00
libs-scala Implement token refresh in auth middleware (#7981) 2020-11-17 12:06:42 +00:00
navigator upgrade doobie from 0.6.0 to 0.9.2 (#7618) 2020-10-16 09:46:20 -04:00
nix dev-env: Add xargs. (#7769) 2020-10-21 13:00:19 +00:00
oss-compliance replace DAML Authors with DA in copyright headers (#5228) 2020-03-27 01:26:10 +01:00
release rotate release duty after 1.7.0-snapshot.20201110.5615.0.b35c9fcb (#7938) 2020-11-11 12:13:45 +01:00
replacements replace DAML Authors with DA in copyright headers (#5228) 2020-03-27 01:26:10 +01:00
rules_daml Intro to DAML Chapter 8 (#7506) 2020-09-29 16:34:21 +00:00
scala-protoc-plugins use -Ywarn-unused for all Scala code (#6907) 2020-08-07 13:16:09 -04:00
templates @daml/react: support for multi-{key,query} streams (#7789) 2020-10-23 14:40:20 +02:00
triggers Implement token refresh in auth middleware (#7981) 2020-11-17 12:06:42 +00:00
.bazelignore Remove redundant clean --expunge (#6890) 2020-07-28 09:49:36 +02:00
.bazelrc Update Bazel 2.1.0 --> 3.3.1 (#6761) 2020-07-23 09:46:04 +02:00
.dadew Update vcredist (#7843) 2020-10-29 17:14:22 +00:00
.envrc open-sourcing daml 2019-04-04 09:33:38 +01:00
.gitattributes Remove unreleased.rst (#3547) 2019-11-20 15:16:57 +00:00
.gitignore dev-env: Add a symlink, dev-env/jdk, to the current JDK. (#7745) 2020-10-20 11:03:23 +00:00
.hie-bios Update rules_haskell (#4751) 2020-03-13 16:49:34 +01:00
.hlint.yaml Haskell: Add hlint rule to suggest foldl' over foldl (#7897) 2020-11-05 18:32:44 +00:00
.mergify.yml replace DAML Authors with DA in copyright headers (#5228) 2020-03-27 01:26:10 +01:00
.scalafmt.conf Revert "Adopt trailingCommas option in scalafmt (#4214)" (#4257) 2020-01-29 11:43:35 +00:00
azure-cron.yml add env vars back to azure-cron (#7882) 2020-11-04 12:42:23 +01:00
azure-pipelines.yml remove finished job (#7881) 2020-11-04 12:38:47 +01:00
BAZEL-bash.md add Bazel bash help (#2223) 2019-07-19 15:31:45 +00:00
bazel-haskell-deps.bzl Damlc ITs fix pretty range (#7707) 2020-10-16 09:06:37 +02:00
BAZEL-haskell.md stack_snapshot_json on Windows (#7468) 2020-09-24 12:03:15 +00:00
bazel-java-deps.bzl upgrade doobie from 0.6.0 to 0.9.2 (#7618) 2020-10-16 09:46:20 -04:00
BAZEL-JVM.md upgrade to Scala 2.12.12 from 2.12.11 (#7661) 2020-10-13 08:42:14 -04:00
BAZEL.md Replace com.digitalasset.platform with com.daml.platform (#7912) 2020-11-05 19:27:24 -05:00
BUILD Write proper SDK version in DAR manifest for snapshots (#7546) 2020-10-02 12:59:18 +02:00
build.ps1 reenable Windows cache (#7426) 2020-09-16 23:54:35 +02:00
build.sh Remove redundant clean --expunge (#6890) 2020-07-28 09:49:36 +02:00
CHANGELOG Move unreleased user-facing features to its own file (#1762) 2019-06-19 16:32:03 +02:00
CODE_OF_CONDUCT.md open-sourcing daml 2019-04-04 09:33:38 +01:00
CODEOWNERS remove leo (#7535) 2020-09-30 18:16:57 +02:00
CONTRIBUTING.md Improve contribution guidelines (#6666) 2020-07-09 13:32:10 +00:00
COPY replace DAML Authors with DA in copyright headers (#5228) 2020-03-27 01:26:10 +01:00
daml-logo.png #2785 add daml_logo.png for README (#2787) 2019-09-06 09:35:32 +02:00
deps.bzl Delete the Docker image targets. (#7932) 2020-11-11 07:40:06 +00:00
dotfiles open-sourcing daml 2019-04-04 09:33:38 +01:00
fmt.sh fmt: Do not try and format missing Haskell files. (#7759) 2020-10-21 12:07:11 +00:00
ghcide_snapshot_windows.json stack_snapshot_json on Windows (#7468) 2020-09-24 12:03:15 +00:00
ghcide_snapshot.json Update ghcide 0.1.0 --> 0.2.0 (#6745) 2020-07-16 16:30:09 +00:00
ghcide-snapshot.yaml Update ghcide 0.1.0 --> 0.2.0 (#6745) 2020-07-16 16:30:09 +00:00
LATEST Release SDK 1.7.0 (#7939) 2020-11-11 09:26:41 +00:00
LICENSE update copyright notices to 2020 (#3939) 2020-01-02 21:21:13 +01:00
maven_install.json upgrade doobie from 0.6.0 to 0.9.2 (#7618) 2020-10-16 09:46:20 -04:00
NOTICES remove MissingH (#3948) 2020-01-06 14:36:14 +01:00
package.json Upgrade bl to address security vulnerability (#7312) 2020-09-03 09:49:06 +00:00
README.md Undamlify README (#7615) 2020-10-12 10:53:55 +02:00
release.sh release: Check that the commit is on a release branch on origin. (#7768) 2020-10-21 13:36:09 +00:00
SECURITY.md Update links in the SECURITY file. (#6327) 2020-06-15 08:24:45 +00:00
stack-snapshot.yaml Patch ghc to add a daml version header marker. (#7489) 2020-09-28 17:01:20 +00:00
stackage_snapshot_windows.json Patch ghc to add a daml version header marker. (#7489) 2020-09-28 17:01:20 +00:00
stackage_snapshot.json Patch ghc to add a daml version header marker. (#7489) 2020-09-28 17:01:20 +00:00
tsconfig.json open-sourcing daml 2019-04-04 09:33:38 +01:00
unreleased.sh replace DAML Authors with DA in copyright headers (#5228) 2020-03-27 01:26:10 +01:00
Upgrading.md Upgrade rules_haskell and pin stack_snapshot (#6548) 2020-07-02 18:55:09 +02:00
WORKSPACE Delete the Docker image targets. (#7932) 2020-11-11 07:40:06 +00:00
workspace_status.sh fix sitemap generation (#5775) 2020-04-30 15:02:08 +02:00
yarn.lock Upgrade bl to address security vulnerability (#7312) 2020-09-03 09:49:06 +00:00

Copyright 2020 Digital Asset (Switzerland) GmbH and/or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0

Welcome to the DAML repository!

This repository hosts all code for the DAML smart contract language and SDK, originally created by Digital Asset. DAML is an open-source smart contract language for building future-proof distributed applications on a safe, privacy-aware runtime. The SDK is a set of tools to help you develop applications based on DAML.

Using DAML

To download DAML, follow the installation instructions. Once installed, to try it out, follow the quickstart guide.

If you have questions about how to use DAML or how to build DAML-based solutions, please ask them on StackOverflow using the daml tag.

Contributing to DAML

We warmly welcome contributions. If you are looking for ideas on how to contribute, please browse our issues. To build and test DAML:

1. Clone this repository

git clone git@github.com:digital-asset/daml.git
cd daml

2. Set up the development dependencies

Our builds require various development dependencies (e.g. Java, Bazel, Python), provided by a tool called dev-env.

Linux and Mac

On Linux and Mac dev-env can be installed with:

  1. Install Nix by running: bash <(curl -sSfL https://nixos.org/nix/install)
  2. Enter dev-env by running: eval "$(dev-env/bin/dade assist)"

If you don't want to enter dev-env manually each time using eval "$(dev-env/bin/dade assist)", you can also install direnv. This repo already provides a .envrc file, with an option to add more in a .envrc.private file.

Windows

On Windows you need to enable long file paths by running the following command in an admin PowerShell:

Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -Name LongPathsEnabled -Type DWord -Value 1

Then start dev-env from PowerShell with:

.\dev-env\windows\bin\dadew.ps1 install
.\dev-env\windows\bin\dadew.ps1 sync
.\dev-env\windows\bin\dadew.ps1 enable

In all new PowerShell processes started, you need to repeat the enable step.

3. First build and test

We have a single script to build most targets and run the tests. On Linux and Mac run ./build.sh. On Windows run .\build.ps1. Note that these scripts may take over an hour the first time.

To just build do bazel build //..., and to just test do bazel test //.... To read more about Bazel and how to use it, see the Bazel site.

On Mac, if the build fails with complaints about missing nix packages, you can try first running nix-build -A tools -A cached nix repeatedly until it completes without error.

4. Installing a local copy

On Linux and Mac run daml-sdk-head which installs a version of the SDK with version number 0.0.0. Set the version: field in any DAML project to 0.0.0 and it will use the locally installed one.

On Windows:

bazel build //release:sdk-release-tarball
tar -vxf .\bazel-bin\release\sdk-release-tarball.tar.gz
cd sdk-*
daml\daml.exe install . --activate

That should tell you what to put in the path, something along the lines of C:\Users\admin\AppData\Roaming\daml\bin. Note that the Windows build is not yet fully functional.

Caching: build speed and disk space considerations

Bazel has a lot of nice properties, but they come at the cost of frequently rebuilding "the world". To make that bearable, we make extensive use of caching. Most artifacts should be cached in our CDN, which is configured in .bazelrc in this project.

However, even then, you may end up spending a lot of time (and bandwidth!) downloading artifacts from the CDN. To alleviate that, by default, our build will create a subfolder .bazel-cache in this project and keep an on-disk cache. This can take about 10GB at the time of writing.

To disable the disk cache, remove the following lines:

build:linux --disk_cache=.bazel-cache
build:darwin --disk_cache=.bazel-cache

from the .bazelrc file.

If you work with multiple copies of this repository, you can point all of them to the same disk cache by overwriting these configs in either a .bazelrc.local file in each copy, or a ~/.bazelrc file in your home directory.

Shared memory segment issues

On macOS at least, it looks like our setup does not always properly close the resources PostgreSQL uses. After a number of test runs, you may encounter an error message along the lines of:

FATAL:  could not create shared memory segment: No space left on device
DETAIL:  Failed system call was shmget(key=5432001, size=56, 03600).
HINT:  This error does *not* mean that you have run out of disk space. It occurs either if all available shared memory IDs have been taken, in which case you need to raise the SHMMNI parameter in your kernel, or because the system's overall limit for shared memory has been reached.
        The PostgreSQL documentation contains more information about shared memory configuration.
child process exited with exit code 1

In this case, this is a memory leak, so increasing SHMMNI (or SHMALL etc.) as suggested will only delay the issue. You can look at the existing shared memory segments on your system by running ipcs -mcopt; this will print a line per segment, indicating the process ID of the last process to connect to the segment as well as the last access time and the number of currently connected processes.

If you identify segments with no connected processes, and you are confident you can remove them, you can do so with ipcrm $sid, where $sid is the process ID displayed (as the second column) by ipcs. Not many macOS applications use shared memory segments; if you have verified that all the existing memory segments on your machine need to be deleted, e.g. because they have all been created by PostgreSQL instances that are no longer running, here is a Bash invocation you can use to remove all shared memory segments from your system.

This is a dangerous command. Make sure you understand what it does before running it.

for shmid in $(ipcs -m | sed 1,3d | awk '{print $2}' | sed '$d'); do ipcrm -m $shmid; done
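
A narrower alternative to the loop above, added here as an example and not part of the repository: it lists only the segments that report zero attached processes, so the IDs can be reviewed before anything is passed to ipcrm -m. The function name and the sample listing are constructed for illustration; the NATTCH column is located by its header name, so the extra columns printed by ipcs -mcopt do not matter.

```shell
#!/bin/sh
# Added example: print the IDs of shared memory segments with no attached
# processes, reading `ipcs -m -o` (or `ipcs -mcopt`) output on stdin.
# Nothing is removed here; the output is meant to be reviewed first.

orphaned_shm_ids() {
  awk '
    # Until the header row is seen, look for the ID and NATTCH columns.
    !have_header {
      id_col = 0; att_col = 0
      for (i = 1; i <= NF; i++) {
        name = toupper($i)
        if (name == "ID" || name == "SHMID") id_col = i
        if (name == "NATTCH") att_col = i
      }
      if (id_col && att_col) have_header = 1
      next
    }
    # Data rows: numeric segment ID and an attach count of exactly zero.
    # Section titles and blank lines have too few fields and are skipped.
    NF >= att_col && $id_col ~ /^[0-9]+$/ && $att_col ~ /^0+$/ {
      print $id_col
    }
  '
}

# Constructed sample in the shape of an `ipcs -m -o` listing (not real output).
sample_ipcs_output() {
  cat <<'EOF'
IPC status from <running system> as of Tue Nov 17 12:00:00 UTC 2020
T     ID     KEY        MODE       OWNER    GROUP NATTCH
Shared Memory:
m  65536 0x0052e2c1 --rw-------    alice    staff      0
m  65537 0x0052e6a9 --rw-------    alice    staff      2
m  65538 0x0052ea91 --rw-------    alice    staff      0

EOF
}

# Prints 65536 and 65538: the two segments nobody is attached to.
sample_ipcs_output | orphaned_shm_ids
```

On a real machine the input would be ipcs -m -o | orphaned_shm_ids, and each ID it prints can then be removed with ipcrm -m as in the loop above.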

Haskell profiling builds

To build Haskell executables with profiling enabled, pass -c dbg to Bazel, e.g. bazel build -c dbg damlc. If you want to build the whole SDK with profiling enabled use daml-sdk-head --profiling.