This repository contains a reference implementation of how to set up a DAML Ledger with full "Infrastructure" security, i.e. secure connections over TLS and connection authorization via tokens. This involves a test Public Key Infrastructure (PKI) to create TLS and client certificates, and JSON Web Tokens (JWTs) for all user and service authentication. We will use Auth0 as an example of an OAuth provider for this, though the concepts should work with a number of others, e.g. Okta, OneLogin, Ping.
The demo application covers the following aspects:
- Create a reference PKI with root and intermediate CAs and TLS certificates
- Integrate security with Auth0 for user and service accounts (M2M)
- Configure TLS security for all connections including database
- A UI written in TypeScript and React authenticating through Auth0
- A series of tests to demonstrate the services running over secure connections
- Test DAML Triggers and Python bots for DAML automation
This builds on the original sample ex-authentication-auth0, which was described in the blog post "Easy authentication for your distributed app with DAML and Auth0".
Documentation is also provided detailing each of the steps.
Copyright (c) 2020 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved. SPDX-License-Identifier: Apache-2.0