diff --git a/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/ConfigTransforms.scala b/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/ConfigTransforms.scala
index 36d1865de7..83c061e9c7 100644
--- a/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/ConfigTransforms.scala
+++ b/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/ConfigTransforms.scala
@@ -814,7 +814,6 @@ object ConfigTransforms {
 val userToken = AuthUtil.LedgerApi.testToken(
 user = user,
 secret = secret,
- expiration = NonNegativeFiniteDuration.ofDays(30),
 )
 c.copy(
 authConfig = AuthTokenSourceConfig.Static(
diff --git a/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/SpliceTests.scala b/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/SpliceTests.scala
index bfaa82f4ef..e70c03a7c2 100644
--- a/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/SpliceTests.scala
+++ b/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/SpliceTests.scala
@@ -314,13 +314,13 @@ object SpliceTests extends LazyLogging {
 newUser: String,
 ): AuthTokenSourceConfig = {
 conf match {
- case AuthTokenSourceConfig.Static(_, adminToken, expiration) => {
+ case AuthTokenSourceConfig.Static(_, adminToken) => {
 val secret = "test" // used for all of our tests
- val userToken = AuthUtil.LedgerApi.testToken(newUser, secret, expiration)
+ val userToken = AuthUtil.LedgerApi.testToken(newUser, secret)
 AuthTokenSourceConfig.Static(userToken, adminToken)
 }
- case AuthTokenSourceConfig.SelfSigned(audience, _, secret, adminToken, expiration) => {
- AuthTokenSourceConfig.SelfSigned(audience, newUser, secret, adminToken, expiration)
+ case AuthTokenSourceConfig.SelfSigned(audience, _, secret, adminToken) => {
+ AuthTokenSourceConfig.SelfSigned(audience, newUser, secret, adminToken)
 }
 case _ => conf
 }
diff --git a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/auth/AuthTokenSource.scala b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/auth/AuthTokenSource.scala
index 6c04284fb6..058e51924a 100644
--- a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/auth/AuthTokenSource.scala
+++ b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/auth/AuthTokenSource.scala
@@ -7,7 +7,6 @@ import com.daml.jwt.{AuthServiceJWTCodec, Jwt, JwtDecoder, StandardJWTPayload}
 import org.apache.pekko.actor.ActorSystem
 import org.lfdecentralizedtrust.splice.auth.OAuthApi.TokenResponse
 import org.lfdecentralizedtrust.splice.config.AuthTokenSourceConfig
-import com.digitalasset.canton.config.NonNegativeFiniteDuration
 import com.digitalasset.canton.data.CantonTimestamp
 import com.digitalasset.canton.logging.{NamedLoggerFactory, NamedLogging}
 import com.digitalasset.canton.tracing.TraceContext
@@ -74,11 +73,10 @@ case class AuthTokenSourceSelfSigned(
 audience: String,
 user: String,
 secret: String,
- expiration: NonNegativeFiniteDuration,
 ) extends AuthTokenSource {
 override def getToken(implicit tc: TraceContext): Future[Option[AuthToken]] =
 Future.successful(
- Some(AuthToken(AuthUtil.testTokenSecret(audience, user, secret, expiration)))
+ Some(AuthToken(AuthUtil.testTokenSecret(audience, user, secret)))
 )
 }
@@ -117,10 +115,10 @@ object AuthTokenSource {
 )(implicit ec: ExecutionContext, ac: ActorSystem): AuthTokenSource =
 config match {
 case AuthTokenSourceConfig.None() => new AuthTokenSourceNone()
- case AuthTokenSourceConfig.Static(token, _, _) =>
+ case AuthTokenSourceConfig.Static(token, _) =>
 new AuthTokenSourceStatic(token)
- case AuthTokenSourceConfig.SelfSigned(audience, user, secret, _, expiration) =>
- new AuthTokenSourceSelfSigned(audience, user, secret, expiration)
+ case AuthTokenSourceConfig.SelfSigned(audience, user, secret, _) =>
+ new AuthTokenSourceSelfSigned(audience, user, secret)
 case AuthTokenSourceConfig.ClientCredentials(
 wellKnownConfigUrl,
 clientId,
diff --git a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/auth/AuthUtil.scala b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/auth/AuthUtil.scala
index 5464c05198..5bb8232156 100644
--- a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/auth/AuthUtil.scala
+++ b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/auth/AuthUtil.scala
@@ -5,7 +5,6 @@ package org.lfdecentralizedtrust.splice.auth
 import com.auth0.jwt.JWT
 import com.auth0.jwt.algorithms.Algorithm
-import com.digitalasset.canton.config.NonNegativeFiniteDuration
 // See also: com.daml.ledger.api.auth.Main from the Daml SDK contains utils for generating ledger API access tokens
 object AuthUtil {
@@ -29,23 +28,19 @@ object AuthUtil {
 audience: String,
 user: String,
 secret: String,
- expiration: NonNegativeFiniteDuration = NonNegativeFiniteDuration.ofDays(30),
 ): String = {
- testTokenSecret(audience, user, secret, expiration)
+ testTokenSecret(audience, user, secret)
 }
 def testTokenSecret(
 audience: String,
 user: String,
 secret: String,
- expiration: NonNegativeFiniteDuration,
 ): String = {
 JWT
 .create()
 .withSubject(user)
 .withAudience(audience)
- // Canton also uses Instant.now for the checks even in simtime so this is ok.
- .withExpiresAt(java.time.Instant.now().plus(expiration.asJava))
 .sign(Algorithm.HMAC256(secret))
 }
@@ -61,15 +56,12 @@ object AuthUtil {
 def testToken(
 user: String,
 secret: String,
- expiration: NonNegativeFiniteDuration,
 ): String = {
 JWT
 .create()
 .withSubject(user)
 .withClaim("scope", "daml_ledger_api")
 .withAudience(testAudience)
- // Canton also uses Instant.now for the checks even in simtime so this is ok.
- .withExpiresAt(java.time.Instant.now().plus(expiration.asJava))
 .sign(Algorithm.HMAC256(secret))
 }
 }
diff --git a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/AuthTokenSourceConfig.scala b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/AuthTokenSourceConfig.scala
index 34f7a3f70d..e14f4c388b 100644
--- a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/AuthTokenSourceConfig.scala
+++ b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/AuthTokenSourceConfig.scala
@@ -3,8 +3,6 @@ package org.lfdecentralizedtrust.splice.config
-import com.digitalasset.canton.config.NonNegativeFiniteDuration
-
 sealed trait AuthTokenSourceConfig {
 // Token that will be used for all commands that need to bypass ledger API auth.
 // Due to the way Canton console is designed, this need to be a static token.
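Review bot: `testTokenSecret` now signs the JWT with no `exp` claim, so a token minted here has no built-in end of life and remains usable until the HMAC secret is changed; the same applies to `testToken` in the following hunk (`@@ -61,15 +56,12 @@`). If the intent is only to remove the configurable duration, a fixed bound keeps the tokens time-limited without the parameter: `.withExpiresAt(java.time.Instant.now().plus(java.time.Duration.ofDays(30)))` placed before `.sign(...)`. If non-expiring tokens are intended, state it above each builder, e.g. `// Test-only: no exp claim is set, so the token never expires.`, because `AuthTokenSourceSelfSigned` under `apps/common/src/main` calls `testTokenSecret` on every `getToken`. Whether the verifying side rejects tokens that lack `exp` is not visible in this diff.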
@@ -20,7 +18,6 @@ object AuthTokenSourceConfig {
 final case class Static(
 token: String,
 adminToken: Option[String],
- expiration: NonNegativeFiniteDuration = NonNegativeFiniteDuration.ofDays(30),
 ) extends AuthTokenSourceConfig
 /** Settings for generating self-signed tokens. Use for testing purposes only. */
@@ -29,7 +26,6 @@ object AuthTokenSourceConfig {
 user: String,
 secret: String,
 adminToken: Option[String],
- expiration: NonNegativeFiniteDuration = NonNegativeFiniteDuration.ofDays(30),
 ) extends AuthTokenSourceConfig
 /** Using OAuth client credentials flow to acquire tokens */
@@ -48,9 +44,9 @@ object AuthTokenSourceConfig {
 val hide = (t: Option[String]) => t.map(_ => hidden)
 config match {
 case None() => None()
- case Static(_, adminToken, expiration) => Static(hidden, hide(adminToken), expiration)
- case SelfSigned(audience, user, _, adminToken, expiration) =>
- SelfSigned(audience, user, hidden, hide(adminToken), expiration)
+ case Static(_, adminToken) => Static(hidden, hide(adminToken))
+ case SelfSigned(audience, user, _, adminToken) =>
+ SelfSigned(audience, user, hidden, hide(adminToken))
 case ClientCredentials(wellKnownConfigUrl, clientId, _, audience, scope, adminToken) =>
 ClientCredentials(wellKnownConfigUrl, clientId, hidden, audience, scope, hide(adminToken))
 }
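Review bot: Removing `expiration` from `Static` (this hunk) and `SelfSigned` (`@@ -29,7 +26,6 @@`) changes the config schema, so a deployment whose config still sets `expiration` will either fail to load or have the key silently ignored, depending on how strictly the config reader treats unknown keys, which is not visible here. A release-note entry, or a check that reports the stale key, would make the change explicit to operators. The scaladoc on `SelfSigned` should also describe the new behaviour, for example `/** Settings for generating self-signed tokens; the tokens carry no expiry claim. Use for testing purposes only. */`. The declaration of `SelfSigned` begins above the second hunk.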