API Access Evaluation
Evaluating protocol access
Once the caller is successfully authenticated, the claims bound to the authenticated user are used to evaluate their access. These claims are given in the form of a JWT as described here. JWTs are only relevant for API Access requests.
- Claims are then extracted from the JWT into a single set of claims.
- Claims are compared to those assigned to the bound party on the protocol. The authorization is successful if they match.
- If successful, access is given and the request can proceed.
How claims are bound
The claims are specified via the protocol creation request as a set of party claims (containing both entity and access claims).
Multiple matching parties
If the claims match multiple parties on a protocol, the first match is chosen.
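The evaluation steps and the first-match rule above, sketched as an added example (not the platform's own code). The data shapes, the function names and the matching rule are assumptions, since this page does not define what counts as a match: here a party matches when every claim bound to it shares at least one value with the caller's claim of the same name.

```python
# Added example: names, data shapes and the matching rule are assumptions.

def _values(value):
    """Normalise a claim value (scalar or list) to a set of strings."""
    if isinstance(value, (list, tuple, set)):
        return {str(item) for item in value}
    return {str(value)}

def flatten_claims(jwt_payload):
    """Collapse an already-verified JWT payload into a single claim set."""
    return {name: _values(value) for name, value in jwt_payload.items()}

def party_matches(party, claims):
    """Assumed rule: each entity and access claim bound to the party must
    share at least one value with the caller's claim of that name."""
    for bound in (party["entity"], party["access"]):
        for name, allowed in bound.items():
            if not (_values(allowed) & claims.get(name, set())):
                return False
    return True

def evaluate_access(protocol_parties, jwt_payload):
    """Return the name of the first matching party, or None to deny."""
    claims = flatten_claims(jwt_payload)
    for party in protocol_parties:  # declaration order decides ties
        if party_matches(party, claims):
            return party["name"]
    return None

# Constructed sample: two parties bound on one protocol.
PARTIES = [
    {"name": "issuer",
     "entity": {"iss": ["https://idp.example"]},
     "access": {"department": ["finance"]}},
    {"name": "auditor",
     "entity": {"iss": ["https://idp.example"]},
     "access": {"role": ["audit"]}},
]
```

A caller whose token carries both `department: finance` and `role: audit` satisfies both parties and is resolved to whichever is declared first, so party order is part of the access decision and worth reviewing when parties can overlap.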