final case class Claims(claims: Seq[Claim], ledgerId: Option[String], participantId: Option[String], applicationId: Option[String], expiration: Option[Instant], identityProviderId: IdentityProviderId, resolvedFromUser: Boolean) extends ClaimSet with Product with Serializable
Claims define what actions an authenticated user can perform on the Ledger API.
They also optionally specify an expiration epoch time that statically specifies the time on or after which the token will no longer be considered valid by the Ledger API.
The precise authorization rules are documented in "//docs/source/app-dev/authorization.rst". Please use that file when writing or reviewing tests; and keep it up to date when adding new endpoints.
- claims
List of Claims describing the authorization this object describes.
- ledgerId
If set, the claims will only be valid on the given ledger identifier.
- participantId
If set, the claims will only be valid on the given participant identifier.
- applicationId
If set, the claims will only be valid on the given application identifier.
- expiration
If set, the claims will cease to be valid at the given time.
- identityProviderId
If set, the claims will only be valid on the given Identity Provider configuration.
- resolvedFromUser
If set, then the claims were resolved from a user in the user management service.
- Alphabetic
- By Inheritance
- Claims
- Serializable
- Product
- Equals
- ClaimSet
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new Claims(claims: Seq[Claim], ledgerId: Option[String], participantId: Option[String], applicationId: Option[String], expiration: Option[Instant], identityProviderId: IdentityProviderId, resolvedFromUser: Boolean)
- claims
List of Claims describing the authorization this object describes.
- ledgerId
If set, the claims will only be valid on the given ledger identifier.
- participantId
If set, the claims will only be valid on the given participant identifier.
- applicationId
If set, the claims will only be valid on the given application identifier.
- expiration
If set, the claims will cease to be valid at the given time.
- identityProviderId
If set, the claims will only be valid on the given Identity Provider configuration.
- resolvedFromUser
If set, then the claims were resolved from a user in the user management service.
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- val applicationId: Option[String]
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def canActAs(party: String): Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user to act as the given party, unless the claims expired
- def canReadAs(party: String): Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user to read data for the given party, unless the claims expired
- val claims: Seq[Claim]
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- val expiration: Option[Instant]
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- val identityProviderId: IdentityProviderId
- def isAdmin: Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user to use admin services, unless the claims expired
- def isAdminOrIDPAdmin: Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user as an administrator or an identity provider administrator, unless the claims expired
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def isPublic: Either[AuthorizationError, Unit]
Returns true if the set of claims authorizes the user to use public services, unless the claims expired
- val ledgerId: Option[String]
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def notExpired(now: Instant, jwtTimestampLeeway: Option[JwtTimestampLeeway], tokenExpiryGracePeriodForStreams: Option[Duration] = None): Either[AuthorizationError, Unit]
Returns false if the expiration timestamp exists and is greater than or equal to the current time
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- val participantId: Option[String]
- def productElementNames: Iterator[String]
- Definition Classes
- Product
- val resolvedFromUser: Boolean
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def validForApplication(id: String): Either[AuthorizationError, Unit]
- def validForLedger(id: String): Either[AuthorizationError, Unit]
- def validForParticipant(id: String): Either[AuthorizationError, Unit]
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])