Multiple authorization types on a ledger-api

kctam · October 5, 2022, 9:37am

Hi team,

When enabling authorization on the ledger-api, we specify one type (be it a certificate, or jwks url, etc link). Is it possible to specify more the one type to handle different applications?

The context is like this. A participant node has already joined a domain, and that application requires “centralized IDM”, i.e. the user/jwt are centrally managed by the domain operator. When this participant node wishes to join another domain, they wish to have their own IDM. Ideally we can have something like “a set of DAR/templates” will be accessed through a specific type of authorization.

Thanks in advance.

kc

bernhard · October 5, 2022, 12:20pm

Yes, the documentation shows the type of auth-services to be a list. Just put a bunch of stuff in there.

kctam · October 5, 2022, 1:44pm

Thanks @bernhard . I am assuming the list of items will be used to validate the tokens and it will get success as long as it is validated by one in the list. See if it’s the behaviour.

If that’s the case, can we limit this token corresponding to a specific set of DAR or template IDs or even a domain? Again, as said, we are building something like one participant node joining to more than one domain in this case.

Thanks again.

kc

Topic		Replies	Views
Multi Tenancy Questions daml	1	352	July 17, 2020
Multiparty command submissions via the Ledger API Questions daml	3	527	June 29, 2020
Auth0 - multiple audiences in access token Features & Bugs ledger-api , jwt , auth	2	876	March 27, 2023
JWT auth questions Questions daml , sdk	4	514	April 27, 2021
Using @daml/ledger to query ledger - declaring template` Questions javascript , json-api , ledger-api	1	580	March 9, 2021

Multiple authorization types on a ledger-api

Related topics