License	ISC
Maintainer	ics@gambolingpangolin.com
Stability	experimental
Safe Haskell	Safe-Inferred
Language	GHC2021

Authorize.Macaroon

Contents

Types
Core interface

Description

This module contains an implementation of macaroons as described in http://theory.stanford.edu/~ataly/Papers/macaroons.pdf. The serialization, cryptography, and validation semantics are compatible with go-macaroons https://github.com/go-macaroon/macaroon.

Synopsis

newtype MacaroonId = MacaroonId {
- unMacaroonId :: ByteString
}
data Macaroon
data SealedMacaroon = SealedMacaroon {
- rootMacaroon :: Macaroon
- dischargeMacaroons :: [Macaroon]
}
newtype Key = Key {
- unKey :: ScrubbedBytes
}
type Location = ByteString
createMacaroon :: Key -> MacaroonId -> Location -> [ByteString] -> Macaroon
addFirstPartyCaveat :: Macaroon -> ByteString -> Macaroon
addThirdPartyCaveat :: Macaroon -> Key -> Location -> ByteString -> IO Macaroon
extractThirdPartyCaveats :: Macaroon -> [ByteString]
sealMacaroon :: Macaroon -> [Macaroon] -> SealedMacaroon
createDischargeMacaroon :: Key -> Location -> ByteString -> [ByteString] -> Macaroon
verify :: Key -> SealedMacaroon -> Either VerificationFailure (Set ByteString)
data VerificationFailure

Types

newtype MacaroonId Source #

Constructors

MacaroonId
Fields unMacaroonId :: ByteString

Instances

Instances details

Show MacaroonId Source #
Instance details Defined in Authorize.Macaroon.Types Methods showsPrec :: Int -> MacaroonId -> ShowS # show :: MacaroonId -> String # showList :: [MacaroonId] -> ShowS #
Serialize MacaroonId Source #
Instance details Defined in Authorize.Macaroon.Types Methods put :: Putter MacaroonId # get :: Get MacaroonId #
Eq MacaroonId Source #
Instance details Defined in Authorize.Macaroon.Types Methods (==) :: MacaroonId -> MacaroonId -> Bool # (/=) :: MacaroonId -> MacaroonId -> Bool #
Ord MacaroonId Source #
Instance details Defined in Authorize.Macaroon.Types Methods compare :: MacaroonId -> MacaroonId -> Ordering # (<) :: MacaroonId -> MacaroonId -> Bool # (<=) :: MacaroonId -> MacaroonId -> Bool # (>) :: MacaroonId -> MacaroonId -> Bool # (>=) :: MacaroonId -> MacaroonId -> Bool # max :: MacaroonId -> MacaroonId -> MacaroonId # min :: MacaroonId -> MacaroonId -> MacaroonId #
ByteArrayAccess MacaroonId Source #
Instance details Defined in Authorize.Macaroon.Types Methods length :: MacaroonId -> Int # withByteArray :: MacaroonId -> (Ptr p -> IO a) -> IO a # copyByteArrayToPtr :: MacaroonId -> Ptr p -> IO () #

data Macaroon Source #

Instances

Instances details

Show Macaroon Source #
Instance details Defined in Authorize.Macaroon.Types Methods showsPrec :: Int -> Macaroon -> ShowS # show :: Macaroon -> String # showList :: [Macaroon] -> ShowS #
Serialize Macaroon Source #
Instance details Defined in Authorize.Macaroon.Types Methods put :: Putter Macaroon # get :: Get Macaroon #
Eq Macaroon Source #
Instance details Defined in Authorize.Macaroon.Types Methods (==) :: Macaroon -> Macaroon -> Bool # (/=) :: Macaroon -> Macaroon -> Bool #

data SealedMacaroon Source #

Couple a macaroon with its discharges. Application developers should only produce these values either by invoking prepareForRequest or by deserializing a client token.

Constructors

SealedMacaroon
Fields rootMacaroon :: Macaroon dischargeMacaroons :: [Macaroon]

Instances

Instances details

Show SealedMacaroon Source #
Instance details Defined in Authorize.Macaroon.Types Methods showsPrec :: Int -> SealedMacaroon -> ShowS # show :: SealedMacaroon -> String # showList :: [SealedMacaroon] -> ShowS #
Serialize SealedMacaroon Source #
Instance details Defined in Authorize.Macaroon.Types Methods put :: Putter SealedMacaroon # get :: Get SealedMacaroon #
Eq SealedMacaroon Source #
Instance details Defined in Authorize.Macaroon.Types Methods (==) :: SealedMacaroon -> SealedMacaroon -> Bool # (/=) :: SealedMacaroon -> SealedMacaroon -> Bool #

newtype Key Source #

Constructors

Key
Fields unKey :: ScrubbedBytes

Instances

Instances details

Show Key Source #
Instance details Defined in Authorize.Macaroon.Types Methods showsPrec :: Int -> Key -> ShowS # show :: Key -> String # showList :: [Key] -> ShowS #
Eq Key Source #
Instance details Defined in Authorize.Macaroon.Types Methods (==) :: Key -> Key -> Bool # (/=) :: Key -> Key -> Bool #
Ord Key Source #
Instance details Defined in Authorize.Macaroon.Types Methods compare :: Key -> Key -> Ordering # (<) :: Key -> Key -> Bool # (<=) :: Key -> Key -> Bool # (>) :: Key -> Key -> Bool # (>=) :: Key -> Key -> Bool # max :: Key -> Key -> Key # min :: Key -> Key -> Key #
ByteArrayAccess Key Source #
Instance details Defined in Authorize.Macaroon.Types Methods length :: Key -> Int # withByteArray :: Key -> (Ptr p -> IO a) -> IO a # copyByteArrayToPtr :: Key -> Ptr p -> IO () #

type Location = ByteString Source #

Core interface

createMacaroon Source #

Arguments

:: Key	signing key
-> MacaroonId	identifier for this macaroon
-> Location	location hint
-> [ByteString]	first party caveats to include
-> Macaroon

Mint a macaroon

addFirstPartyCaveat :: Macaroon -> ByteString -> Macaroon Source #

A first party caveat corresponds to a proposition that might or might not hold in the validation context of the macaroon.

addThirdPartyCaveat Source #

Arguments

:: Macaroon
-> Key	third party key
-> Location
-> ByteString
-> IO Macaroon

A third party caveat links the macaroon to an additional key, and must be discharged by a supplementary macaroon in order to validate.

extractThirdPartyCaveats :: Macaroon -> [ByteString] Source #

Get the third party caveats encoded in the macaroon

sealMacaroon Source #

Arguments

:: Macaroon	root macaroon
-> [Macaroon]	discharge macaroons
-> SealedMacaroon

In order to secure discharge macaroons, they must be bound to the root macaroon before transmission.

createDischargeMacaroon Source #

Arguments

:: Key	discharge key
-> Location	location hint
-> ByteString	caveat to discharge
-> [ByteString]	additional first party caveats to include
-> Macaroon

Mint a macaroon discharging a third party caveat

verify Source #

Arguments

:: Key	root key
-> SealedMacaroon
-> Either VerificationFailure (Set ByteString)

Macaroon verification succeeds by producing a set of first party caveats requiring further validation.

data VerificationFailure Source #

Constructors

InvalidSignature MacaroonId
InvalidBinding MacaroonId
MissingDischargeMacaroon MacaroonId
ExcessDischarges [Macaroon]
ThirdPartyKeyError MacaroonId

Instances

Instances details

Show VerificationFailure Source #
Instance details Defined in Authorize.Macaroon.Verify Methods showsPrec :: Int -> VerificationFailure -> ShowS # show :: VerificationFailure -> String # showList :: [VerificationFailure] -> ShowS #
Eq VerificationFailure Source #
Instance details Defined in Authorize.Macaroon.Verify Methods (==) :: VerificationFailure -> VerificationFailure -> Bool # (/=) :: VerificationFailure -> VerificationFailure -> Bool #