Discussions/App Development/Namespace missing in access tokenForum ↗

Namespace missing in access token

App Development7 posts292 views1 likesLast activity Dec 2021
PR
priyankaOP
Dec 2021

Hi Team,

We are upgrading daml version from 1.6.0 to 1.18.0.
And we unable to get the party details via v1/parties API, we getting below error -

errors: [“namespace missing in access token”]
status: 401

Can you help us on this issue.

Regards,
Priyanka

NE
nemanja
Dec 2021

Hi @priyanka and welcome to the forum :smiley:

Are you making the request via the HTTP JSON API?

CO
cocreature
Dec 2021

Can you share your decoded JWT token? It sounds like it has an invalid format.

PR
priyanka
Dec 2021

Hi,

Please find token detail below

Token

HEADER:ALGORITHM & TOKEN TYPE

{
“alg”: “RS256”,
“typ”: “JWT”,
“kid”: “blbuM_wwxxxxxmoRHgT52urXCnrRjo2upMfn9-W93DeU”
}

PAYLOAD:DATA

{
“exp”: 1788884832,
“iat”: 1688883951,
“auth_time”: 1639987633,
“jti”: “48wed2e6-84af-41ae-b5dd-976d29c3f999”,
“iss”: “https://xxx.xxx.xx”,
“aud”: “account”,
“sub”: “1f2971de-63e7-43fa-b791d-cb60ea920xxx”,
“typ”: “Bearer”,
“azp”: “xxx”,
“nonce”: “d5css71f-b0b8-4bfd-bhja-da67709027ec”,
“session_state”: “xxxefd-eb0f-4320-b79d-335xxx75”,
“acr”: “0”,
“allowed-origins”: [
http://xxxx”,
https://xxxxx
],
“realm_access”: {
“roles”: [
“offline_access”
]
},
“resource_access”: {
“xxxxx-ui”: {
“roles”: [
“xxxxx-admin”
]
},
“account”: {
“roles”: [
“xxxxx-account”,
“xxxxx-account-links”,
“xxxxx-profile”
]
}
},
“scope”: “openid email profile”,
“ledgerId”: “xxxxxxxxxx”,
“actAs”: [
“Operator”
],
“email_verified”: true,
“name”: “xxxxxxxxx”,
“admin”: true,
“preferred_username”: “xxxxxxx”,
“given_name”: “xxxxx”,
“applicationId”: “xxxxxxxx”,
“family_name”: “xxxxxxx”,
“email”: “xxxxxxxxxxxx”,
“party”: “Operator”
}
This text will be hidden

please let me know if you need more information.

PR
priyanka
Dec 2021
priyanka:

v1/parties

I am making request to v1/parties with below header

headers: {

  "Content-Type": "application/json"

}
CO
cocreature
Dec 2021

Hi @priyanka , unfortunately it looks like there has been a regression with regards to the legacy token format you’re using in the JSON API in SDK 1.17 and newer. I’ve opened [BUG] JSON API rejects tokens without oidc namespace · Issue #12215 · digital-asset/daml · GitHub to track this.

In the meantime, you have two options:

  1. Upgrade only to 1.16 which still supports that token format without errors.
  2. Switch to the new token format where the values are nested below the oidc namespace, e.g.,
    replace
{
  "ledgerId": "xxxxxxxxxx",
  "actAs": [
    "Operator"
  ],
  "admin": true,
  "applicationId": "xxxxxxxx"
}

by

{
  "https://daml.com/ledger-api": {
    "ledgerId": "xxxxxxxxxx",
    "actAs": [
      "Operator"
    ],
    "admin": true,
    "applicationId": "xxxxxxxx"
  }
}

Note that the format you are using has been deprecated since SDK 1.0 so you should make the switch eventually either way.

PR
priyanka
Dec 2021

okay, Thank you for your help.
Yes with 1.16.0 it accepts token.

← Back to Discussions