mirror of https://github.com/digital-asset/daml.git synced 2024-09-20 09:17:43 +03:00

History

Stefano Baghino 55f9de87ca Check application identifier when authorizing a Ledger API call (#6342 ) * Check application identifier when authorizing a Ledger API call Fixes #4409 changelog_begin [Ledger API] Bugfix: the application identifier in a request is checked against the authorization token. See https://github.com/digital-asset/daml/issues/4409. changelog_end * Fix accidental infinite loop * Address a few comments from https://github.com/digital-asset/daml/pull/6342#pullrequestreview-430401649 - Address https://github.com/digital-asset/daml/pull/6342#discussion_r439992312 - Address https://github.com/digital-asset/daml/pull/6342#discussion_r439999084 - Address https://github.com/digital-asset/daml/pull/6342#discussion_r439999280 * Address https://github.com/digital-asset/daml/pull/6342#discussion_r440001538 As discussed in https://github.com/digital-asset/daml/pull/6342#discussion_r440003568 * Address https://github.com/digital-asset/daml/pull/6342#discussion_r439993762		2020-06-15 12:35:55 +00:00
..
src	Check application identifier when authorizing a Ledger API call (#6342 )	2020-06-15 12:35:55 +00:00
BUILD.bazel	Use com.daml as root package (#5343 )	2020-04-05 19:49:57 +02:00
README.md	Move AuthService (#3272 )	2019-10-29 15:46:43 +00:00

Ledger API authorization

General authorization in gRPC

An Interceptor reads HTTP headers, and stores relevant information (e.g., claims) in a Context.

GRPC services read the stored data from the Context in order to validate the requests.

The AuthService defines an interface for decoding HTTP headers into Claims.

The ledger API server takes an AuthService implementation as an argument.

The ledger API server uses a call interceptor and the given AuthService implementation to to store decoded Claims in the gRPC Context.

All ledger API services use the Claims to validate their requests.