Running trigger on sandbox with auth on

Hi all,

According to the docs, when using DAML triggers against Ledger with authentication, I can pass --access-token-file token.jwt. However I am wondering what happens when the token expire:

  • does the ledger denies any further ledger requests after expiry?
  • if the token.jwt file gets refreshed afterwards, will the trigger runner picks up the new token for the subsequent ledger request?

Thanks.

1 Like

If the token expires, the ledger will deny further requests and the trigger will die. Once you restart it it will pick up the new token but it won’t pick up a new token during operation.

We are currently working on an authentication middleware that sits between the trigger service and your auth provider (e.g., auth0) and handles token refresh and similar things. This is expected to land in SDK 1.10 in Februrary. However, that will only affect the trigger service not the daml trigger command. We currently have no plans to change how tokens behave for daml trigger.

4 Likes

That makes sense. Thanks @cocreature !