trait AuthService extends AnyRef
An interface for authorizing the ledger API access to a participant.
The AuthService is responsible for converting request metadata (such as the HTTP headers) into a ClaimSet. These claims are then used by the ledger API server to check whether the request is authorized.
- The authorization information MUST be specified in the Authorization
header.
- The value of the Authorization
header MUST start with Bearer
(notice the trailing space of the prefix).
- An AuthService implementation MAY use other headers when converting metadata
to claims.
For example, a participant could:
- Ask all ledger API users to attach an Authorization
header
with a JWT token as the header value.
- Implement decodeMetadata()
such that it reads the JWT token
from the corresponding HTTP header, validates the token,
and converts the token payload to ClaimSet.
- Alphabetic
- By Inheritance
- AuthService
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Abstract Value Members
- abstract def decodeMetadata(headers: Metadata)(implicit traceContext: TraceContext): CompletionStage[ClaimSet]
Return empty com.digitalasset.canton.ledger.api.auth.ClaimSet.Unauthenticated to reject requests with a UNAUTHENTICATED error status.
Return empty com.digitalasset.canton.ledger.api.auth.ClaimSet.Unauthenticated to reject requests with a UNAUTHENTICATED error status. Return com.digitalasset.canton.ledger.api.auth.ClaimSet.Claims with only a single com.digitalasset.canton.ledger.api.auth.ClaimPublic claim to reject all non-public requests with a PERMISSION_DENIED status. Return a failed future to reject requests with an INTERNAL error status.
Concrete Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @IntrinsicCandidate()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @IntrinsicCandidate()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @IntrinsicCandidate()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @IntrinsicCandidate()
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])