Access Token vs actAs/readAs command arguments (java bindings)

Looking at a method such as:

digital-asset/daml/blob/2ea1c7402f0eb1b8fd1f33523985323cf296c247/language-support/java/bindings-rxjava/src/main/java/com/daml/ledger/rxjava/CommandClient.java#L87-L94

      

          
Single<Empty> submitAndWait(
          
    @NonNull String workflowId,
          
    @NonNull String applicationId,
          
    @NonNull String commandId,
          
    @NonNull List<@NonNull String> actAs,
          
    @NonNull List<@NonNull String> readAs,
          
    @NonNull List<@NonNull Command> commands,
          
    @NonNull String accessToken);
      
    

How does the access token content (Authorization — Daml SDK 2.2.0 documentation) get used vs the provided actAs/readAs?

You must explicitly say what parties are you acting or reading on behalf of. The token is essentially taken as opaque and passed as is to the Ledger API server that will validate the provided claims against the token, meaning that each set of provided parties must be a subset of the ones listed in the token. This allows to use tokens associated with a variety of claims but issue commands and read transactions only with the party (or parties) that are relevant for your application.

Great. Thank you for the clear and concise details!