Access Token vs actAs/readAs command arguments (java bindings)

StephenOTT · June 21, 2022, 9:39pm

Looking at a method such as:

digital-asset/daml/blob/2ea1c7402f0eb1b8fd1f33523985323cf296c247/language-support/java/bindings-rxjava/src/main/java/com/daml/ledger/rxjava/CommandClient.java#L87-L94


      
          Single<Empty> submitAndWait(
              @NonNull String workflowId,
              @NonNull String applicationId,
              @NonNull String commandId,
              @NonNull List<@NonNull String> actAs,
              @NonNull List<@NonNull String> readAs,
              @NonNull List<@NonNull Command> commands,
              @NonNull String accessToken);

How does the access token content (Authorization — Daml SDK 2.2.0 documentation) get used vs the provided actAs/readAs?

stefanobaghino-da · June 22, 2022, 8:06am

You must explicitly say what parties are you acting or reading on behalf of. The token is essentially taken as opaque and passed as is to the Ledger API server that will validate the provided claims against the token, meaning that each set of provided parties must be a subset of the ones listed in the token. This allows to use tokens associated with a variety of claims but issue commands and read transactions only with the party (or parties) that are relevant for your application.

StephenOTT · June 22, 2022, 1:01pm

Great. Thank you for the clear and concise details!

Topic		Replies	Views
Daml assistant permission Questions daml , sdk	3	377	April 22, 2021
Which token should i pass? Questions daml , damlhub	29	560	February 26, 2022
[Java] How do you submit a command to create or exercise a choice with user management Questions daml , java	8	211	October 18, 2022
Authorization with different ledgers Questions	1	290	April 16, 2020
Claims in JWT for multi-party submission using JSON API Questions daml , json-api	7	469	April 14, 2021

Access Token vs actAs/readAs command arguments (java bindings)

Related Topics