Namespace missing in access token

Questions
1

Hi Team,

We are upgrading daml version from 1.6.0 to 1.18.0.
And we unable to get the party details via v1/parties API, we getting below error -

errors: [“namespace missing in access token”]
status: 401

Can you help us on this issue.

Regards,
Priyanka

1 Like
2

Hi @priyanka and welcome to the forum :smiley:

Are you making the request via the HTTP JSON API?

3

Can you share your decoded JWT token? It sounds like it has an invalid format.

4

Hi,

Please find token detail below

Token

HEADER:ALGORITHM & TOKEN TYPE

{
“alg”: “RS256”,
“typ”: “JWT”,
“kid”: “blbuM_wwxxxxxmoRHgT52urXCnrRjo2upMfn9-W93DeU”
}

PAYLOAD:DATA

{
“exp”: 1788884832,
“iat”: 1688883951,
“auth_time”: 1639987633,
“jti”: “48wed2e6-84af-41ae-b5dd-976d29c3f999”,
“iss”: “https://xxx.xxx.xx”,
“aud”: “account”,
“sub”: “1f2971de-63e7-43fa-b791d-cb60ea920xxx”,
“typ”: “Bearer”,
“azp”: “xxx”,
“nonce”: “d5css71f-b0b8-4bfd-bhja-da67709027ec”,
“session_state”: “xxxefd-eb0f-4320-b79d-335xxx75”,
“acr”: “0”,
“allowed-origins”: [
http://xxxx”,
https://xxxxx
],
“realm_access”: {
“roles”: [
“offline_access”
]
},
“resource_access”: {
“xxxxx-ui”: {
“roles”: [
“xxxxx-admin”
]
},
“account”: {
“roles”: [
“xxxxx-account”,
“xxxxx-account-links”,
“xxxxx-profile”
]
}
},
“scope”: “openid email profile”,
“ledgerId”: “xxxxxxxxxx”,
“actAs”: [
“Operator”
],
“email_verified”: true,
“name”: “xxxxxxxxx”,
“admin”: true,
“preferred_username”: “xxxxxxx”,
“given_name”: “xxxxx”,
“applicationId”: “xxxxxxxx”,
“family_name”: “xxxxxxx”,
“email”: “xxxxxxxxxxxx”,
“party”: “Operator”
}
This text will be hidden

please let me know if you need more information.

5

I am making request to v1/parties with below header

headers: {

  "Content-Type": "application/json"

}
6

Hi @priyanka , unfortunately it looks like there has been a regression with regards to the legacy token format you’re using in the JSON API in SDK 1.17 and newer. I’ve opened [BUG] JSON API rejects tokens without oidc namespace · Issue #12215 · digital-asset/daml · GitHub to track this.

In the meantime, you have two options:

  1. Upgrade only to 1.16 which still supports that token format without errors.
  2. Switch to the new token format where the values are nested below the oidc namespace, e.g.,
    replace
{
  "ledgerId": "xxxxxxxxxx",
  "actAs": [
    "Operator"
  ],
  "admin": true,
  "applicationId": "xxxxxxxx"
}

by

{
  "https://daml.com/ledger-api": {
    "ledgerId": "xxxxxxxxxx",
    "actAs": [
      "Operator"
    ],
    "admin": true,
    "applicationId": "xxxxxxxx"
  }
}

Note that the format you are using has been deprecated since SDK 1.0 so you should make the switch eventually either way.

7

okay, Thank you for your help.
Yes with 1.16.0 it accepts token.