daml/ledger/ledger-api-auth
Kamil Bożek 32d4bf92ec
Do not require a JWT token for Health and Reflection services [DPP-277] (#8969)
* Do not require a JWT token for Health and Reflection services

CHANGELOG_BEGIN
- A JWT token is no longer required to call methods of Health and Reflection services
CHANGELOG_END

* Let service's authorizer decide about rejections

* Updated authorization test

* Added integration test for unsecured authorisation test for the Health service

* Added integration test for unsecured authorisation test for the Server Reflection service

* Updated Claims doc comments

* Minor change

* Reduced code duplication with SecuredServiceCallAuthTests and UnsecuredServiceCallAuthTests

* Added copyrights

* Move response status handling logic to Authorizer
2021-03-03 11:05:35 +00:00
src Do not require a JWT token for Health and Reflection services [DPP-277] (#8969) 2021-03-03 11:05:35 +00:00
BUILD.bazel Port parts of //ledger/... to Scala 2.13 (#8470) 2021-01-12 10:55:00 +01:00
README.md Move AuthService (#3272) 2019-10-29 15:46:43 +00:00

Ledger API authorization

General authorization in gRPC

An Interceptor reads HTTP headers, and stores relevant information (e.g., claims) in a Context.

gRPC services read the stored data from the Context in order to validate the requests.

Authorization in the ledger API

The AuthService defines an interface for decoding HTTP headers into Claims.

The ledger API server takes an AuthService implementation as an argument.

The ledger API server uses a call interceptor and the given AuthService implementation to store decoded Claims in the gRPC Context.

All ledger API services use the Claims to validate their requests.
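
The flow described in the two sections above, as an added sketch in Scala against grpc-java (assumed to be on the classpath); it is not this module's code. `Claims`, `AuthService`, `DemoAuthService`, `AuthInterceptor` and `Authorizer.requireActAs` are simplified, hypothetical stand-ins, the token table is constructed sample data, and the choice of status codes is an assumption of the example.

```scala
import io.grpc.{Context, Contexts, Metadata, ServerCall, ServerCallHandler, ServerInterceptor, Status}

// Hypothetical, simplified stand-ins for the Claims and AuthService described above.
final case class Claims(isAdmin: Boolean, actAs: Set[String])
object Claims { val empty: Claims = Claims(isAdmin = false, actAs = Set.empty) }

trait AuthService { def decode(headers: Metadata): Claims }

// Constructed demo decoder: maps fixed bearer tokens to claims. A real
// implementation would verify a JWT's signature and expiry instead.
object DemoAuthService extends AuthService {
  private val AuthHeader = Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER)
  private val tokens = Map(
    "Bearer alice-token" -> Claims(isAdmin = false, actAs = Set("Alice")),
    "Bearer admin-token" -> Claims(isAdmin = true, actAs = Set.empty)
  )
  def decode(headers: Metadata): Claims =
    Option(headers.get(AuthHeader)).flatMap(tokens.get).getOrElse(Claims.empty)
}

object AuthInterceptor {
  // Context key under which the decoded claims travel with the call.
  val ClaimsKey: Context.Key[Claims] = Context.key[Claims]("claims")
}

// Decodes the headers once per call and stores the result in the gRPC Context.
// It never rejects: missing or unknown credentials become empty claims, and
// each service decides whether those are sufficient.
final class AuthInterceptor(auth: AuthService) extends ServerInterceptor {
  override def interceptCall[ReqT, RespT](
      call: ServerCall[ReqT, RespT],
      headers: Metadata,
      next: ServerCallHandler[ReqT, RespT]
  ): ServerCall.Listener[ReqT] = {
    val ctx = Context.current().withValue(AuthInterceptor.ClaimsKey, auth.decode(headers))
    Contexts.interceptCall(ctx, call, headers, next)
  }
}

// Service-side check: reads the claims back from the Context of the current call.
object Authorizer {
  private def claims: Claims = Option(AuthInterceptor.ClaimsKey.get()).getOrElse(Claims.empty)

  def requireActAs(party: String): Either[Status, Unit] =
    if (claims.actAs.contains(party)) Right(())
    else if (claims == Claims.empty) Left(Status.UNAUTHENTICATED) // no usable credentials
    else Left(Status.PERMISSION_DENIED) // authenticated, but not for this party
}
```

A service that performs no check on the Claims is reachable without a token, so which services call the check, and which deliberately do not, is the access policy and belongs under authorization tests.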