digital-asset/daml
1
1
Fork 0
mirror of https://github.com/digital-asset/daml.git synced 2024-09-20 01:07:18 +03:00
Code Issues Projects Releases Wiki Activity
f9e67adafc
daml/ledger/ledger-api-auth
History
tudor-da f9e67adafc
[Self-service error codes] Adapt error responses in ledger-api-auth [DPP-617] (#11223) 
* [Self-service error codes] Implement V2 in Authorizer

CHANGELOG_BEGIN
CHANGELOG_END

* Added unit test for authorize (non-streamed)

* Fix after rebase

* Do not expose the error codes switching mechanism to the Java bindings

* Adjust InternalAuthorizationError to be SystemInternalAssumptionViolated

* Parameter names in test

* Testing AuthorizationInterceptor with regard to returned error codes

* Do not use default error code version switchers at instance creation

* Addressed Pawel's review comments

* Using ErrorFactories for error dispatching

* Pass loggingContext to Authorizer where available

* Generic internal authorization error
2021-10-20 13:28:21 +00:00
..
src [Self-service error codes] Adapt error responses in ledger-api-auth [DPP-617] (#11223) 2021-10-20 13:28:21 +00:00
BUILD.bazel [Self-service error codes] Adapt error responses in ledger-api-auth [DPP-617] (#11223) 2021-10-20 13:28:21 +00:00
README.md Move AuthService (#3272) 2019-10-29 15:46:43 +00:00

README.md

Ledger API authorization

General authorization in gRPC

An Interceptor reads HTTP headers, and stores relevant information (e.g., claims) in a Context.

GRPC services read the stored data from the Context in order to validate the requests.

Authorization in the ledger API

The AuthService defines an interface for decoding HTTP headers into Claims.

The ledger API server takes an AuthService implementation as an argument.

The ledger API server uses a call interceptor and the given AuthService implementation to to store decoded Claims in the gRPC Context.

All ledger API services use the Claims to validate their requests.