Allocation Of Parties With JWT Tokens on Ledger

tiw · May 30, 2022, 9:06pm

In a more traditional API architecture, and API key might be generated each time a user logs in.

Can we do the same thing with JWT tokens and daml? For example, after a period of time the JWT token expires and then the admin sets the JWT token for that party the next time they log in (assuming when the user logs in they newly generate a JWT token that gets passed to the admin)?

In other words, can the admin of a ledger dynamically update a JWT token for a party based on whatever JWT token gets generated when a party logs in with a username/password?

We’re still using daml-on-sql-1.18.1 if that is a consideration.

stefanobaghino-da · May 31, 2022, 7:22am

There is nothing that prevents this, but this needs to be implemented as part of the authentication infrastructure paired with the participant. The runtime components which are shipped as part of Daml, including Canton, the HTTP JSON API Service, etc. all allow you to configure a JWKS endpoint that should enable you to be more flexible in your token rotation policy.

Topic		Replies	Views
Token to be used when allocating a new party Questions damlhub	4	452	November 23, 2021
JWT auth questions Questions daml , sdk	4	520	April 27, 2021
Daml ledger allocate-parties Questions daml	7	853	June 11, 2022
Clarification on DAML keywords, JSON API and Ledger API Questions daml , json-api , ledger-api	1	211	November 21, 2022
DAML Hub json api: party allocation unsupported for now Questions damlhub , ledger-api	3	383	December 21, 2021

Allocation Of Parties With JWT Tokens on Ledger

Related topics