License | ISC |
---|---|
Maintainer | ics@gambolingpangolin.com |
Stability | experimental |
Safe Haskell | None |
Language | Haskell2010 |
Authorize.Macaroon
Description
This module contains an implementation of macaroons as described in http://theory.stanford.edu/~ataly/Papers/macaroons.pdf. The serialization, cryptography, and validation semantics are compatible with go-macaroons https://github.com/go-macaroon/macaroon.
Synopsis
- newtype MacaroonId = MacaroonId {}
- data Macaroon
- data SealedMacaroon = SealedMacaroon {}
- newtype Key = Key {}
- type Location = ByteString
- createMacaroon :: Key -> MacaroonId -> Location -> [ByteString] -> Macaroon
- addFirstPartyCaveat :: Macaroon -> ByteString -> Macaroon
- addThirdPartyCaveat :: Macaroon -> Key -> Location -> ByteString -> IO Macaroon
- extractThirdPartyCaveats :: Macaroon -> [ByteString]
- sealMacaroon :: Macaroon -> [Macaroon] -> SealedMacaroon
- createDischargeMacaroon :: Key -> Location -> ByteString -> [ByteString] -> Macaroon
- verify :: Key -> SealedMacaroon -> Either VerificationFailure (Set ByteString)
- data VerificationFailure
Types
newtype MacaroonId Source #
Constructors
MacaroonId | |
Fields |
Instances
Eq MacaroonId Source # | |
Defined in Authorize.Macaroon.Types | |
Ord MacaroonId Source # | |
Defined in Authorize.Macaroon.Types Methods compare :: MacaroonId -> MacaroonId -> Ordering # (<) :: MacaroonId -> MacaroonId -> Bool # (<=) :: MacaroonId -> MacaroonId -> Bool # (>) :: MacaroonId -> MacaroonId -> Bool # (>=) :: MacaroonId -> MacaroonId -> Bool # max :: MacaroonId -> MacaroonId -> MacaroonId # min :: MacaroonId -> MacaroonId -> MacaroonId # | |
Show MacaroonId Source # | |
Defined in Authorize.Macaroon.Types Methods showsPrec :: Int -> MacaroonId -> ShowS # show :: MacaroonId -> String # showList :: [MacaroonId] -> ShowS # | |
Serialize MacaroonId Source # | |
Defined in Authorize.Macaroon.Types | |
ByteArrayAccess MacaroonId Source # | |
Defined in Authorize.Macaroon.Types Methods length :: MacaroonId -> Int # withByteArray :: MacaroonId -> (Ptr p -> IO a) -> IO a # copyByteArrayToPtr :: MacaroonId -> Ptr p -> IO () # |
data SealedMacaroon Source #
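Couple a macaroon with its discharges. Application developers should
only produce these values either by invoking prepareForRequest or by
deserializing a client token. (The synopsis on this page lists
sealMacaroon, not prepareForRequest, as the function that returns a
SealedMacaroon.) A value deserialized from a client token is untrusted
input until verify has accepted it under the root key.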
Constructors
SealedMacaroon | |
Fields |
Instances
Eq SealedMacaroon Source # | |
Defined in Authorize.Macaroon.Types Methods (==) :: SealedMacaroon -> SealedMacaroon -> Bool # (/=) :: SealedMacaroon -> SealedMacaroon -> Bool # | |
Show SealedMacaroon Source # | |
Defined in Authorize.Macaroon.Types Methods showsPrec :: Int -> SealedMacaroon -> ShowS # show :: SealedMacaroon -> String # showList :: [SealedMacaroon] -> ShowS # | |
Serialize SealedMacaroon Source # | |
Defined in Authorize.Macaroon.Types |
Constructors
Key | |
Fields |
type Location = ByteString Source #
Core interface
Arguments
:: Key | signing key |
-> MacaroonId | identifier for this macaroon |
-> Location | location hint |
-> [ByteString] | first party caveats to include |
-> Macaroon |
Mint a macaroon
addFirstPartyCaveat :: Macaroon -> ByteString -> Macaroon Source #
A first party caveat corresponds to a proposition that might or might not hold in the validation context of the macaroon.
A third party caveat links the macaroon to an additional key, and must be discharged by a supplementary macaroon in order to validate.
extractThirdPartyCaveats :: Macaroon -> [ByteString] Source #
Get the third party caveats encoded in the macaroon
Arguments
:: Macaroon | root macaroon |
-> [Macaroon] | discharge macaroons |
-> SealedMacaroon |
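Discharge macaroons must be bound to the root macaroon before transmission. Binding ties each discharge to this particular root macaroon, so that a discharge cannot be presented alongside a different macaroon; verification reports a discharge that fails this check as InvalidBinding.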
createDischargeMacaroon Source #
Arguments
:: Key | discharge key |
-> Location | location hint |
-> ByteString | caveat to discharge |
-> [ByteString] | additional first party caveats to include |
-> Macaroon |
Mint a macaroon discharging a third party caveat
Arguments
:: Key | root key |
-> SealedMacaroon | |
-> Either VerificationFailure (Set ByteString) |
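Successful verification produces the set of first party caveats that still require validation. A Right result is therefore not an authorization decision on its own: judging by the VerificationFailure constructors, verify covers signatures, discharge bindings and the presence of discharges, and the caller must still evaluate every returned caveat against the request context, rejecting the request if any caveat does not hold or is not understood.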
data VerificationFailure Source #
Constructors
InvalidSignature MacaroonId | |
InvalidBinding MacaroonId | |
MissingDischargeMacaroon MacaroonId | |
ExcessDischarges [Macaroon] | |
ThirdPartyKeyError MacaroonId |
Instances
Eq VerificationFailure Source # | |
Defined in Authorize.Macaroon.Verify Methods (==) :: VerificationFailure -> VerificationFailure -> Bool # (/=) :: VerificationFailure -> VerificationFailure -> Bool # | |
Show VerificationFailure Source # | |
Defined in Authorize.Macaroon.Verify Methods showsPrec :: Int -> VerificationFailure -> ShowS # show :: VerificationFailure -> String # showList :: [VerificationFailure] -> ShowS # |