CheckMacaroonPermissions
CheckMacaroonPermissions checks whether the provided macaroon contains all the provided permissions. If the macaroon is valid (e.g. all caveats are satisfied), and all permissions provided in the request are met, then this RPC returns true.
Source: lightning.proto
gRPC
rpc CheckMacaroonPermissions (CheckMacPermRequest) returns (CheckMacPermResponse);
REST
| HTTP Method | Path | 
|---|---|
| POST | /v1/macaroon/checkpermissions | 
Code Samples
- gRPC
- REST
- Shell
- Javascript
- Python
const fs = require('fs');
const grpc = require('@grpc/grpc-js');
const protoLoader = require('@grpc/proto-loader');
const GRPC_HOST = 'localhost:10009'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
const TLS_PATH = 'LND_DIR/tls.cert'
const loaderOptions = {
  keepCase: true,
  longs: String,
  enums: String,
  defaults: true,
  oneofs: true,
};
const packageDefinition = protoLoader.loadSync('lightning.proto', loaderOptions);
const lnrpc = grpc.loadPackageDefinition(packageDefinition).lnrpc;
process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA';
const tlsCert = fs.readFileSync(TLS_PATH);
const sslCreds = grpc.credentials.createSsl(tlsCert);
const macaroon = fs.readFileSync(MACAROON_PATH).toString('hex');
const macaroonCreds = grpc.credentials.createFromMetadataGenerator(function(args, callback) {
  let metadata = new grpc.Metadata();
  metadata.add('macaroon', macaroon);
  callback(null, metadata);
});
let creds = grpc.credentials.combineChannelCredentials(sslCreds, macaroonCreds);
let client = new lnrpc.Lightning(GRPC_HOST, creds);
let request = {
  macaroon: <bytes>,
  permissions: <MacaroonPermission>,
  fullMethod: <string>,
  check_default_perms_from_full_method: <bool>,
};
client.checkMacaroonPermissions(request, function(err, response) {
  console.log(response);
});
// Console output:
//  {
//    "valid": <bool>,
//  }
import codecs, grpc, os
# Generate the following 2 modules by compiling the lightning.proto with the grpcio-tools.
# See https://github.com/lightningnetwork/lnd/blob/master/docs/grpc/python.md for instructions.
import lightning_pb2 as lnrpc, lightning_pb2_grpc as lightningstub
GRPC_HOST = 'localhost:10009'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'
# create macaroon credentials
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
def metadata_callback(context, callback):
  callback([('macaroon', macaroon)], None)
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# create SSL credentials
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
# combine macaroon and SSL credentials
combined_creds = grpc.composite_channel_credentials(ssl_creds, auth_creds)
# make the request
channel = grpc.secure_channel(GRPC_HOST, combined_creds)
stub = lightningstub.LightningStub(channel)
request = lnrpc.CheckMacPermRequest(
  macaroon=<bytes>,
  permissions=<MacaroonPermission>,
  fullMethod=<string>,
  check_default_perms_from_full_method=<bool>,
)
response = stub.CheckMacaroonPermissions(request)
print(response)
# {
#    "valid": <bool>,
# }
- Javascript
- Python
const fs = require('fs');
const request = require('request');
const REST_HOST = 'localhost:8080'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
let requestBody = {
  macaroon: <string>, // <bytes> (base64 encoded)
  permissions: <array>, // <MacaroonPermission> 
  fullMethod: <string>, // <string> 
  check_default_perms_from_full_method: <boolean>, // <bool> 
};
let options = {
  url: `https://${REST_HOST}/v1/macaroon/checkpermissions`,
  // Work-around for self-signed certificates.
  rejectUnauthorized: false,
  json: true,
  headers: {
    'Grpc-Metadata-macaroon': fs.readFileSync(MACAROON_PATH).toString('hex'),
  },
  form: JSON.stringify(requestBody),
}
request.post(options, function(error, response, body) {
  console.log(body);
});
// Console output:
//  {
//    "valid": <boolean>, // <bool> 
//  }
import base64, codecs, json, requests
REST_HOST = 'localhost:8080'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'
url = f'https://{REST_HOST}/v1/macaroon/checkpermissions'
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
headers = {'Grpc-Metadata-macaroon': macaroon}
data = {
  'macaroon': base64.b64encode(<bytes>),
  'permissions': <MacaroonPermission>,
  'fullMethod': <string>,
  'check_default_perms_from_full_method': <bool>,
}
r = requests.post(url, headers=headers, data=json.dumps(data), verify=TLS_PATH)
print(r.json())
# {
#    "valid": <bool>,
# }
# There is no CLI command for this RPC
Messages
lnrpc.CheckMacPermRequest
Source: lightning.proto
| Field | gRPC Type | REST Type | REST Placement | 
|---|---|---|---|
| macaroon | bytes | string | body | 
| permissions | MacaroonPermission[] | array | body | 
| fullMethod | string | string | body | 
| check_default_perms_from_full_method | bool | boolean | body | 
lnrpc.CheckMacPermResponse
Source: lightning.proto
| Field | gRPC Type | REST Type | 
|---|---|---|
| valid | bool | boolean | 
Nested Messages
lnrpc.MacaroonPermission
| Field | gRPC Type | REST Type | 
|---|---|---|
| entity | string | string | 
| action | string | string |