Hi
I am experimenting with DAML and looking to define a few different roles for the different parties I will use for my application.
What would be best practice to establish a specific role for any of my used Parties?
The objective for this Party Role is to derive some specific logic in my React app (e.g. different stylesheet, different header, different nav bar, etc.) upon login of this Party.
I could implement a specific “Role” as a data element for a “Party Identification” contract, but then the role is only determined after the contract is retrieved in my UX? What other solution could achieve my above objective?
I appreciate your insights for any best practices.
2 Likes
It somewhat depends on the security properties you need and how much data you want to handle in a backend that sits between the browser and the ledger.
A simple design would be to just have a single-page webapp that serves all roles. The role would be part of the application state and assets like images and style sheets could be loaded dynamically/conditionally on role. The login flow would be that after the UI receives an authentication token, it queries the ledger for a Role contract and then renders the appropriate app.
If you wanted to “protect” one role’s assets from being accessed by another, you’ll need a backend with authentication. So you’d need to build an application backend, e.g. in Node.js, which serves the appropriate version of the app. We are now in classic webapp territory so it’s probably best to explore the resources of the UI and backend framework of your choice. The only thing I’d like to point out is that there are some choices to be made regarding authentication. If you use the same JWT to authenticate with both the Ledger or JSON API as well as the application backend, users have to hand their ledger JWT to the application backend. So they have to trust the operator of the application backend a great deal. That’s not a problem in many cases. If it is a problem, you’ll need to set up a custom IAM solution which allows users to obtain two tokens - one for the backend and one for the ledger.
If you do that, you could even do some authorization in your IAM (as opposed to pure authentication) and store the role in your backend token.
2 Likes
Thanks @bernhard
I assume I can implement the simple approach in project.dable.
But since there is an IAM solution involved for the second approach, that would no longer work.
Can you confirm?
Thanks
Bart
You can make the first approach work on DABL without any issues. @dliakakos may be able to point you to some examples that use DABL auth in the frontend. DABL will even host your single-page web-app if it’s just static files.
You can also use the second approach as long as you are OK with your application backend handling DABL tokens. What’s more difficult to realise would be the model where authentication with the application backend and the ledger are separate.