Hi team,
I’m testing daml v2.0 sandbox with authorization.
Without authorization, the sandbox is started without problems.
The configuration file for authorization is like this (auth.conf)
canton.participants.sandbox.ledger-api.auth-services = [{
type = jwt-rs-256-crt
certificate = sandbox.crt
}]
When I start the sandbox with this
% daml sandbox --dar .daml/dist/firstdaml-0.0.1.dar -c auth.conf
Starting Canton sandbox.
Listening at port 6865
Uploading .daml/dist/firstdaml-0.0.1.dar to localhost:6865
WARN c.d.l.a.a.Authorizer - UNAUTHENTICATED(6,0): The command is missing a (valid) JWT token, context: {participant: "sandbox", err-context: "{location=ErrorFactories.scala:244}"}
An exception was thrown during the upload-dar command
- GRPCIOBadStatusCode StatusUnauthenticated (StatusDetails {unStatusDetails = "An error occurred. Please contact the operator and inquire about the request <no-correlation-id>"})
One reason for this to occur is if the size of DAR file being uploaded exceeds the gRPC maximum message size. The default value for this is 4Mb, but it may be increased when the ledger is (re)started. Please check with your ledger operator.
I think this problem is due to the missing jwt when uploading the DAR. It is different from daml v.1, as no access token is needed
May I know how I can specify the JWT when starting the Sandbox? The daml sandbox --help
seems no such parameter.
% daml sandbox --help
Usage: daml sandbox [--port ARG] [--admin-api-port ARG]
[--domain-public-port ARG] [--domain-admin-port ARG]
[--canton-port-file PATH]
[--static-time | --wall-clock-time] [--canton-help]
[-c|--config FILE] [--port-file PATH] [--dar PATH] [ARG]
Thanks.
kc