Verification of ApplicationID in JWT

Piyush_Bedi · April 23, 2020, 3:23am

Does the AuthService bundled with the SDK validate the ApplicationID in the JWT against the ApplicationID supplied in the LedgerAPI Command?

stefanobaghino-da · April 23, 2020, 8:08am

You are absolutely right, this is a bug. Thanks to @Robert_Autenrieth for looking into this.

I’m opening a ticket to track this.

stefanobaghino-da · April 23, 2020, 8:12am

Thanks for raising this.

Topic		Replies	Views
JWT auth questions Questions daml , daml-sdk	4	544	April 27, 2021
Navigator using mTLS and JWT and user management Questions	6	308	August 17, 2022
`Missing applicationId in access token` error Questions	2	310	July 17, 2021
Ledger API with Auth0 JWKS gives Authorization error Questions sandbox , ledger-api	4	477	September 23, 2021
ApplicationID in User Token Questions ledger-api , canton	3	234	June 27, 2023