WebKDC::Token(3) token objects for use with WebAuth

SYNOPSIS


  use WebKDC::Token;
  # includes WebKDC::{App,Id,Proxy,Request,Response,Service}Token

  # manually create a new token, and then encode/encrypt it
  my $id_token = new WebKDC::IdToken;
  $id_token->subject_auth('krb5');
  $id_token->subject_auth_data($sad);
  $id_token->creation_time(time());
  $id_token->expiration_time($et);
  my $id_token_str = base64_encode($id_token->to_token($key));

  # parse an encrypted/encoded token, given the encrypted/encoded token,
  # the keyring used to encrypt it, and an optional time to live. If the
  # TTL is not zero, the token is treated as invalid if its creation time is
  # more than ttl ago (this is not needed if the token had an expiration
  # time set when it was created).
  my $req_token = new WebKDC::RequestToken($req_token_str, $key, $ttl);

DESCRIPTION

WebKDC::Token is the base class for all the Token objects, which are available upon using WebKDC::Token:

 WebKDC::AppToken
 WebKDC::IdToken
 WebKDC::ProxyToken
 WebKDC::RequestToken
 WebKDC::ErrorToken
 WebKDC::CredToken
 WebKDC::WebKDCProxyToken
 WebKDC::WebKDCServiceToken

It contains the functions that are common across all the token objects, as well as some functions that must be overridden in the subclasses.

EXPORT

None

METHODS

to_token(key_or_keyring)
 $binary_token = $token->to_token($key_or_keyring);

Takes a token object and encrypts/encodes it into a binary string. WebAuth::base64_encode should be used if the token needs to be base64 encoded.

to_string()
 $str = $token->to_string();

Used mainly for debugging, to get a dump of all the attributes in a token. The Token object also overloads '""', so calling this function is optional: you can just use a token object as a string to get the same result.

new
 $token = new WebKDC::SubclassToken;
 $token = new WebKDC::SubclassToken($binary_token, $key_or_ring, $ttl);

The new constructor for tokens is used to create a token object. The first form is used to construct new tokens, while the second form is used to parse a binary token into a token object. Note that only subclasses of Token should be constructed using new. To parse an unknown token, use the parse class method.

parse
 $token = WebKDC::Token::parse($binary_token, $key_or_ring, $ttl);

Used to create a token object from a binary token when you don't know ahead of time what the resulting token type will be. The type of the returned token can be checked with token_type() or the UNIVERSAL isa method.
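
Added example, not part of the WebAuth distribution: a caller that uses parse on a token of unknown type should check the resulting class before reading any attribute, and should confirm the token is bounded in time, since several token types listed below have no expiration_time accessor. The helper name parse_expected is hypothetical, and times are assumed to be epoch seconds as in the synopsis.

```perl
use strict;
use warnings;
use Scalar::Util qw(blessed);
use WebKDC::Token;

# Hypothetical helper (not part of WebKDC): parse a binary token and return
# it only if it is of the class the caller expects and is bounded in time.
sub parse_expected {
    my ($class, $binary_token, $key_or_ring, $ttl) = @_;
    $ttl ||= 0;

    # parse() decrypts the token; any exception it throws is treated as
    # a rejected token rather than propagated with partial state.
    my $token = eval { WebKDC::Token::parse($binary_token, $key_or_ring, $ttl) };
    die "token rejected: parse failed: $@\n" unless blessed($token);

    # Type check: a well-formed token of another type (for example an
    # error-token) must not be accepted where $class is expected.
    unless ($token->isa($class)) {
        my $got = $token->token_type() // 'unknown';
        die "token rejected: expected $class, got type $got\n";
    }

    # Freshness: when no TTL is passed to parse(), only an expiration time
    # bounds the token's life. Token classes without an expiration_time
    # accessor (request, error, login) therefore need a non-zero TTL.
    my $expires = $token->can('expiration_time')
        ? $token->expiration_time()
        : undef;
    if (defined $expires) {
        die "token rejected: expired\n" if $expires <= time();
    } elsif ($ttl == 0) {
        die "token rejected: no expiration time and no TTL given\n";
    }

    return $token;
}

# Usage (inputs are the caller's own: $binary_token is the decoded token,
# $keyring the key or keyring it was encrypted with):
#   my $id = parse_expected('WebKDC::IdToken', $binary_token, $keyring, 0);
#   print "auth type: ", $id->subject_auth(), "\n";
```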

validate_token
This method should be overridden by subclasses. It is used to validate that a particular token contains the correct attributes. It gets called by the to_token method before the token is encoded, and by the constructor with args after a token has been parsed.

init
This method should be overridden by subclasses and is used to initialize a token when the constructor with no args is called.

token_type([$new_value])
 $token->token_type($new_value);
 $type = $token->token_type();

The first form is used to set the token type, the second form is used to get the token type.

WebKDC::AppToken

The WebKDC::AppToken object is used to represent WebAuth app-tokens.

  $token = new WebKDC::AppToken;
  $token = new WebKDC::AppToken($binary_token, $key_or_ring, $ttl);
  $token->app_data($name[, $new_value])
  $token->creation_time([$new_value])
  $token->expiration_time([$new_value])
  $token->lastused_time([$lastused_time])
  $token->subject([$new_value])
  $token->session_key([$new_value])
  $token->initial_factors([$new_value, ...])
  $token->session_factors([$new_value, ...])
  $token->loa([$new_value])

WebKDC::CredToken

The WebKDC::CredToken object is used to represent WebAuth cred-tokens.

  $token = new WebKDC::CredToken;
  $token = new WebKDC::CredToken($binary_token, $key_or_ring, $ttl);
  $token->creation_time([$new_value])
  $token->expiration_time([$new_value])
  $token->cred_type([$new_value])
  $token->cred_subject([$new_value])
  $token->cred_data([$new_value])
  $token->subject([$new_value])

WebKDC::IdToken

The WebKDC::IdToken object is used to represent WebAuth id-tokens.

  $token = new WebKDC::IdToken;
  $token = new WebKDC::IdToken($binary_token, $key_or_ring, $ttl);
  $token->creation_time([$new_value])
  $token->expiration_time([$new_value])
  $token->subject([$new_value])
  $token->subject_auth([$new_value])
  $token->subject_auth_data([$new_value])
  $token->initial_factors([$new_value, ...])
  $token->session_factors([$new_value, ...])
  $token->loa([$new_value])

WebKDC::LoginToken

The WebKDC::LoginToken object is used to represent WebAuth login-tokens.

  $token = new WebKDC::LoginToken;
  $token = new WebKDC::LoginToken($binary_token, $key_or_ring, $ttl);
  $token->creation_time([$new_value])
  $token->password([$new_value])
  $token->otp([$new_value])
  $token->username([$new_value])

WebKDC::ProxyToken

The WebKDC::ProxyToken object is used to represent WebAuth proxy-tokens.

  $token = new WebKDC::ProxyToken;
  $token = new WebKDC::ProxyToken($binary_token, $key_or_ring, $ttl);
  $token->creation_time([$new_value])
  $token->expiration_time([$new_value])
  $token->proxy_type([$new_value])
  $token->subject([$new_value])
  $token->webkdc_token([$new_value])
  $token->initial_factors([$new_value, ...])
  $token->session_factors([$new_value, ...])
  $token->loa([$new_value])

WebKDC::RequestToken

The WebKDC::RequestToken object is used to represent WebAuth request-tokens.

  $token = new WebKDC::RequestToken;
  $token = new WebKDC::RequestToken($binary_token, $key_or_ring, $ttl);
  $token->app_state([$new_value])
  $token->creation_time([$new_value])
  $token->proxy_type([$new_value])
  $token->request_options([$new_value])
  $token->requested_token_type([$new_value])
  $token->return_url([$new_value])
  $token->subject_auth([$new_value])
  $token->initial_factors([$new_value, ...])
  $token->session_factors([$new_value, ...])
  $token->loa([$new_value])

WebKDC::ErrorToken

The WebKDC::ErrorToken object is used to represent WebAuth error-tokens.

  $token = new WebKDC::ErrorToken;
  $token = new WebKDC::ErrorToken($binary_token, $key_or_ring, $ttl);
  $token->creation_time([$new_value])
  $token->error_code([$new_value])
  $token->error_message([$new_value])

WebKDC::WebKDCProxyToken

The WebKDC::WebKDCProxyToken object is used to represent WebAuth webkdc-proxy-tokens.

  $token = new WebKDC::WebKDCProxyToken;
  $token = new WebKDC::WebKDCProxyToken($binary_token, $key_or_ring, $ttl);
  $token->creation_time([$new_value])
  $token->expiration_time([$new_value])
  $token->proxy_data([$new_value])
  $token->proxy_subject([$new_value])
  $token->proxy_type([$new_value])
  $token->subject([$new_value])
  $token->initial_factors([$new_value, ...])
  $token->loa([$new_value])

WebKDC::WebKDCServiceToken

The WebKDC::WebKDCServiceToken object is used to represent WebAuth webkdc-service-tokens.

  $token = new WebKDC::WebKDCServiceToken;
  $token = new WebKDC::WebKDCServiceToken($binary_token, $key_or_ring, $ttl);
  $token->creation_time([$new_value])
  $token->expiration_time([$new_value])
  $token->subject([$new_value])
  $token->session_key([$new_value])

AUTHOR

Roland Schemers ([email protected])