
Validation of a nested JWT

App Development · 4 posts · 248 views · Last activity Apr 2023
Mr_Mannoroth (OP)
Apr 2023

Is there a way for Canton to validate the JWT if it is nested, for example:

{
  "param1": "value1",
  "param2": "value2",
  "nestedJWT": {
    "aud": "someParticipantId",
    "sub": "someUserId",
    "exp": 1300819380
  }
}

Or to extract the aud and sub from other tags that are not called aud and sub?

bernhard
Apr 2023

No, that’s currently not possible. In what context would this be useful to you?

Mr_Mannoroth
Apr 2023

The aud and sub fields are already used in our system in the JWT format we currently use, which means we can’t use these fields for something else (aka, our Daml app). We also have limited ability to customise our IAM to add new tags in the parent scope of the JWT payload solely for the purpose of the Daml application we’re working on - the IAM generates one single JWT format that’s currently used across all systems that integrate with the IAM. Adding new fields just for our application in the parent scope is not an option, but in the nested scope, as a bit of a compromise, could be an option, for example:

{
  "aud": "already in use",
  "sub": "already in use",
  "our_project": {
    "our_project_aud": "someParticipantId",
    "our_project_sub": "someUserId",
    "our_project_exp": 1300819380
  }
}

cocreature
Apr 2023

What is stopping you from allocating Daml users that match the already existing sub fields your IAM produces instead of introducing a separate daml-specific sub?
