Interface IdentityProviderConfigServiceGrpc.AsyncService

  • All Known Implementing Classes:
    IdentityProviderConfigServiceGrpc.IdentityProviderConfigServiceImplBase
    Enclosing class:
    IdentityProviderConfigServiceGrpc

    public static interface IdentityProviderConfigServiceGrpc.AsyncService
     Identity Provider Config Service makes it possible for participant node administrators
     to set up and manage additional identity providers at runtime.
     This allows using access tokens from identity providers unknown at deployment time. When an identity
     provider is configured, independent IDP administrators can manage their own set of parties and users.
     Such parties and users have a matching `identity_provider_id` defined and are inaccessible to
     administrators from other identity providers. A user will only be authenticated if the corresponding JWT
     token is issued by the appropriate identity provider.
     Users and parties without `identity_provider_id` defined are assumed to be using the default identity provider,
     which is configured statically at the participant node's deployment time.
     The Ledger API uses the "iss" claim of a JWT token to match the token to a specific IDP. If there is no match,
     the default IDP is assumed.
     The fields of request messages (and sub-messages) are marked either as ``Optional`` or ``Required``:
     (1) ``Optional`` denoting the client may leave the field unset when sending a request.
     (2) ``Required`` denoting the client must set the field to a non-default value when sending a request.
     An identity provider config resource is described by the ``IdentityProviderConfig`` message.
     An identity provider config resource, once it has been created, can be modified.
     In order to update the properties represented by the ``IdentityProviderConfig`` message use the ``UpdateIdentityProviderConfig`` RPC.
     The only fields that can be modified are those marked as ``Modifiable``.
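
The issuer matching and default-IDP fallback described above can be modelled as follows. This is an added illustration, not code from the Ledger API or this project: the issuer URLs, keys, user table, use of the `sub` claim as the user id, the empty string for an unset `identity_provider_id`, and HS256 signing (chosen so the example runs offline) are all assumptions.

```python
import base64, hashlib, hmac, json

DEFAULT_IDP = ""  # assumption: an unset identity_provider_id is modelled as ""
# Constructed sample data: issuer -> (identity_provider_id, verification key).
IDPS = {"https://idp-a.example": ("idp-a", b"key-a"),
        "https://idp-b.example": ("idp-b", b"key-b")}
DEFAULT_KEY = b"default-key"  # key of the statically configured default IDP
USERS = {"alice": "idp-a", "bob": "idp-b", "carol": DEFAULT_IDP}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def _mac(key, head, body):
    return _b64(hmac.new(key, head + b"." + body, hashlib.sha256).digest())

def sign(claims, key):
    """Build a constructed HS256 token for the demonstration."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return b".".join([head, body, _mac(key, head, body)])

def authenticate(token):
    """Return the user id if the token is acceptable, otherwise None."""
    try:
        head, body, sig = token.split(b".")
        claims = json.loads(_unb64(body))
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    # "iss" is read before verification, only to choose which IDP to verify against.
    iss = claims.get("iss")
    idp_id, key = IDPS.get(iss, (DEFAULT_IDP, DEFAULT_KEY)) if isinstance(iss, str) \
        else (DEFAULT_IDP, DEFAULT_KEY)
    if not hmac.compare_digest(sig, _mac(key, head, body)):
        return None  # not issued by the IDP its "iss" claim points at
    user = claims.get("sub")
    # The user's identity_provider_id must equal the IDP that issued the token.
    if not isinstance(user, str) or USERS.get(user) != idp_id:
        return None
    return user
```

Because an unmatched `iss` falls through to the default IDP, such a token is only accepted for users that have no `identity_provider_id` and only when it verifies against the default IDP's key.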