Script running with authentication

kctam · March 29, 2022, 10:19am

Hi Team,
I am using the sample daml code with a script here:

setup : Script AssetId
setup = script do
-- user_setup_begin
  alice <- allocatePartyWithHint "Alice" (PartyIdHint "Alice")
  bob <- allocatePartyWithHint "Bob" (PartyIdHint "Bob")
  aliceId <- validateUserId "alice"
  bobId <- validateUserId "bob"
  createUser (User aliceId (Some alice)) [CanActAs alice]
  createUser (User bobId (Some bob)) [CanActAs bob]
-- user_setup_end

  aliceTV <- submit alice do
    createCmd Asset with
      issuer = alice
      owner = alice
      name = "TV"

  bobTV <- submit alice do
    exerciseCmd aliceTV Give with newOwner = bob

  submit bob do
    exerciseCmd bobTV Give with newOwner = alice

This script runs well in Sandbox without authentication.

Once we enable authentication with this

daml sandbox -c auth.conf

daml ledger upload-dar --access-toke-file adminjwt .daml/dist/seconddaml-0.0.1.dar>

When we run the script (adminjwt works fine in uploading the DAR)

daml script --dar .daml/dist/seconddaml-0.0.1.dar --script-name Main:setup --ledger-host localhost --ledger-port 6865 --acce
ss-token-file adminjwt

We get authentication problems

Exception in thread "main" com.daml.lf.engine.script.ScriptF$FailedCmd: Command submit failed: PERMISSION_DENIED: An error occurred. Please contact the operator and inquire about the request <no-correlation-id>

My observation is that the first part of script “user setup” works well with the adminjwt (with userid set participant_admin), but this token cannot be used when representing alice and bob, despite the fact that alice and bob as users are defined already in the ledger.

What is the best way in this case? Ideally we can use participant_admin to create users alice and bob, then we can use alice and bob to execute the remaining of the script.

Thanks in advance.

KC

stefanobaghino-da · March 29, 2022, 10:29am

I would say that the best thing to do is to split the script in three, run the setup as an admin, output the party identifiers for the users and use those in two further scripts which can be run with a token for alice and bob respectively.

kctam · March 29, 2022, 12:13pm

Thanks @stefanobaghino-da I also thought of this. But by breaking the script into parts, there’s a challenge to link the right parties between the scripts. Can you share more ideas how this can be done?

Also if this can be highlighted in the documentation that will be better. There are a lot of scripts written in this way prior to v2.0. When moving to v2.0 we will have this challenge.

Many thanks again.

kc

stefanobaghino-da · March 29, 2022, 1:03pm

The documentation of Daml Script shows an example of having party identifiers as output of a script. The file at the path provided as part of --output-file will contain the relevant party identifiers. The file can be then fed to the other scripts using --input-file.

The initialization script already creates an alice and bob user, which can respectively act as the Alice and Bob party. So you’ll need to point to a file where the token with the appropriate fields are populated. You’ll need the user names in there, so you don’t need to bootstrap the process using party identifiers.

kctam · March 29, 2022, 1:29pm

Thanks @stefanobaghino-da I will do a trial on this.

Thanks again and have a nice day.

kc

Topic		Replies	Views
Application-id as user-id required in executing script with authorization Questions daml	4	253	March 31, 2022
Error when trying to run Daml Script against Daml Hub - again Questions damlhub	2	233	September 28, 2022
How to interact with daml smart contracts through json api? Tutorials and Guides daml , ledger-api	1	19	September 9, 2024
Can I run a script on Daml Hub which will act as multiple parties? Questions daml , damlhub , daml-script	5	407	July 7, 2022
How to use getUser() with non-admin JWT credentials? Questions	4	233	September 2, 2022

Script running with authentication

Related topics