Secure DAML Infrastructure – Part 2 – JWT, JWKS and Auth0

Hi DAMLers,
In Part 1 , @nycnewman described how to set up a PKI infrastructure and configure the DAML Ledger Server to use secure TLS connections and mutual authentication. This protects data in transit and only authorised clients can connect.

For this Second part, he focused on authentication and authorization of Ledger API calls using JWT tokens and customs claims.

Check it out

daml.com

Secure DAML Infrastructure - Part 2 - JWT, JWKS and Auth0 - DAML

An application will need to issue DAML commands over the secure connection and retrieve the subset of contract data that it is authorised to see. To enable this, the Ledger Server uses HTTP security headers (specifically “Authorization” Bearer...

Any questions to @nycnewman?