License | ISC |
---|---|
Maintainer | ics@gambolingpangolin.com |
Stability | experimental |
Safe Haskell | Safe-Inferred |
Language | GHC2021 |
This module contains an implementation of macaroons as described in the macaroons paper, http://theory.stanford.edu/~ataly/Papers/macaroons.pdf. The serialization, cryptography, and validation semantics are intended to be compatible with go-macaroon, https://github.com/go-macaroon/macaroon, so tokens minted here should be verifiable there and vice versa. If you depend on that interoperability, test both directions against the go-macaroon version you actually deploy, since any divergence would show up as an authorization failure (or, worse, an unexpected success) at the boundary between the two implementations.
Synopsis
- newtype MacaroonId = MacaroonId {}
- data Macaroon
- data SealedMacaroon = SealedMacaroon {}
- newtype Key = Key {}
- type Location = ByteString
- createMacaroon :: Key -> MacaroonId -> Location -> [ByteString] -> Macaroon
- addFirstPartyCaveat :: Macaroon -> ByteString -> Macaroon
- addThirdPartyCaveat :: Macaroon -> Key -> Location -> ByteString -> IO Macaroon
- extractThirdPartyCaveats :: Macaroon -> [ByteString]
- sealMacaroon :: Macaroon -> [Macaroon] -> SealedMacaroon
- createDischargeMacaroon :: Key -> Location -> ByteString -> [ByteString] -> Macaroon
- verify :: Key -> SealedMacaroon -> Either VerificationFailure (Set ByteString)
- data VerificationFailure
Types
newtype MacaroonId Source #
Instances
data SealedMacaroon Source #
Couple a macaroon with its discharges. Application developers should only produce these values either by binding discharges with the function exported from this module for that purpose (listed in the synopsis as `sealMacaroon`; the name `prepareForRequest` used in earlier wording does not appear in this module's interface) or by deserializing a token received from a client. A `SealedMacaroon` deserialized from a client is untrusted data: nothing about it has been checked until `verify` has been run against the root key.
Instances
Show SealedMacaroon Source # | |
Defined in Authorize.Macaroon.Types showsPrec :: Int -> SealedMacaroon -> ShowS # show :: SealedMacaroon -> String # showList :: [SealedMacaroon] -> ShowS # | |
Serialize SealedMacaroon Source # | |
Defined in Authorize.Macaroon.Types put :: Putter SealedMacaroon # get :: Get SealedMacaroon # | |
Eq SealedMacaroon Source # | |
Defined in Authorize.Macaroon.Types (==) :: SealedMacaroon -> SealedMacaroon -> Bool # (/=) :: SealedMacaroon -> SealedMacaroon -> Bool # |
type Location = ByteString Source #
Core interface
:: Key | signing key |
-> MacaroonId | identifier for this macaroon |
-> Location | location hint |
-> [ByteString] | first party caveats to include |
-> Macaroon |
Mint a macaroon. Treat the signing key as a root secret: `verify` requires the same key, so it must be available only to the service that mints and verifies, and it never needs to be sent to clients or third parties. The identifier and the caveats are readable from the resulting macaroon (see `extractThirdPartyCaveats`), so they must not carry secrets; the identifier is simply what the verifier uses to look up which key and policy apply.
addFirstPartyCaveat :: Macaroon -> ByteString -> Macaroon Source #
A first party caveat corresponds to a proposition that might or might not hold in the validation context of the macaroon. This module does not evaluate such propositions: `verify` only checks the signature chain and returns the first party caveats as a set, and the caller must evaluate every one of them against its own context. A caveat the caller does not recognize must be treated as failed, otherwise an attacker could attach a nonsense caveat and bypass restrictions that narrow the token.
A third party caveat links the macaroon to an additional key, and must be discharged by a supplementary macaroon (see `createDischargeMacaroon`) minted with that same key in order to validate. This function only binds the key into the macaroon; conveying the key to the discharging third party (for example, encrypted inside the caveat identifier) is the caller's responsibility and must be done over a channel the bearer cannot read, since anyone holding the key can mint a valid discharge.
extractThirdPartyCaveats :: Macaroon -> [ByteString] Source #
Get the third party caveats encoded in the macaroon
:: Macaroon | root macaroon |
-> [Macaroon] | discharge macaroons |
-> SealedMacaroon |
In order to secure discharge macaroons, they must be bound to the root macaroon before transmission. Binding ties each discharge to the specific root macaroon it was issued for, so that a discharge captured in transit cannot be replayed with a different root macaroon; a discharge that is not bound, or is bound to another root, is expected to be rejected by `verify` with `InvalidBinding`. Bind on the client side immediately before the request, and never send unbound discharges.
createDischargeMacaroon Source #
:: Key | discharge key |
-> Location | location hint |
-> ByteString | caveat to discharge |
-> [ByteString] | additional first party caveats to include |
-> Macaroon |
Mint a macaroon discharging a third party caveat. The discharge key must be the same key that was passed to `addThirdPartyCaveat`, and the caveat argument is the third party caveat identifier as obtained from `extractThirdPartyCaveats`; the discharging party should only mint this after it has actually checked whatever the caveat asserts. Any additional first party caveats placed on the discharge (for example an expiry) are carried back to the verifier alongside those of the root macaroon and must be evaluated by the caller in the same way.
:: Key | root key |
-> SealedMacaroon | |
-> Either VerificationFailure (Set ByteString) |
Macaroon verification succeeds by producing a set of first party caveats requiring further validation. A `Right` result therefore does not mean the request is authorized: it only means the signature chain under the root key is intact and every third party caveat has a correctly bound discharge. The caller must evaluate every caveat in the returned set and fail closed if any caveat is unknown, malformed, or false; a `Left` must be treated as a hard rejection, and the failure detail should be logged rather than echoed back to the client.
data VerificationFailure Source #
InvalidSignature MacaroonId | |
InvalidBinding MacaroonId | |
MissingDischargeMacaroon MacaroonId | |
ExcessDischarges [Macaroon] | discharge macaroons supplied that did not correspond to any third party caveat; surplus discharges are rejected rather than silently ignored |
ThirdPartyKeyError MacaroonId |
Instances
Show VerificationFailure Source # | |
Defined in Authorize.Macaroon.Verify showsPrec :: Int -> VerificationFailure -> ShowS # show :: VerificationFailure -> String # showList :: [VerificationFailure] -> ShowS # | |
Eq VerificationFailure Source # | |
Defined in Authorize.Macaroon.Verify (==) :: VerificationFailure -> VerificationFailure -> Bool # (/=) :: VerificationFailure -> VerificationFailure -> Bool # |