trait AuthService extends AnyRef

An interface for authorizing the ledger API access to a participant.

The AuthService is responsible for converting request metadata (such as the HTTP headers) into a ClaimSet. These claims are then used by the ledger API server to check whether the request is authorized.

- The authorization information MUST be specified in the Authorization header. - The value of the Authorization header MUST start with Bearer (notice the trailing space of the prefix). - An AuthService implementation MAY use other headers when converting metadata to claims.

For example, a participant could: - Ask all ledger API users to attach an Authorization header with a JWT token as the header value. - Implement decodeMetadata() such that it reads the JWT token from the corresponding HTTP header, validates the token, and converts the token payload to ClaimSet.

Linear Supertypes
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. AuthService
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Abstract Value Members

  1. abstract def decodeMetadata(headers: Metadata)(implicit traceContext: TraceContext): CompletionStage[ClaimSet]

    Return empty com.digitalasset.canton.ledger.api.auth.ClaimSet.Unauthenticated to reject requests with a UNAUTHENTICATED error status.

    Return empty com.digitalasset.canton.ledger.api.auth.ClaimSet.Unauthenticated to reject requests with a UNAUTHENTICATED error status. Return com.digitalasset.canton.ledger.api.auth.ClaimSet.Claims with only a single com.digitalasset.canton.ledger.api.auth.ClaimPublic claim to reject all non-public requests with a PERMISSION_DENIED status. Return a failed future to reject requests with an INTERNAL error status.

Concrete Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
  6. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  7. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  8. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  9. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  10. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  11. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  12. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  13. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  14. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  15. def toString(): String
    Definition Classes
    AnyRef → Any
  16. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  17. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  18. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated @Deprecated
    Deprecated

Inherited from AnyRef

Inherited from Any

Ungrouped