```go
import "gopkg.in/macaroon.v1"
```

The macaroon package implements macaroons as described in the paper "Macaroons:
Cookies with Contextual Caveats for Decentralized Authorization in the Cloud"
(http://theory.stanford.edu/~ataly/Papers/macaroons.pdf).

See the macaroon bakery packages at http://godoc.org/gopkg.in/macaroon-bakery.v0
for higher level services and operations that use macaroons.

#### type Macaroon

```go
type Macaroon struct {
}
```

Macaroon holds a macaroon. See Fig. 7 of
http://theory.stanford.edu/~ataly/Papers/macaroons.pdf for a description of the
data contained within. Macaroons are mutable objects - use Clone as appropriate
to avoid unwanted mutation.

#### func New

```go
func New(rootKey []byte, id, loc string) (*Macaroon, error)
```

New returns a new macaroon with the given root key, identifier and location.

#### func (*Macaroon) AddFirstPartyCaveat

```go
func (m *Macaroon) AddFirstPartyCaveat(caveatId string) error
```

AddFirstPartyCaveat adds a caveat that will be verified by the target service.

#### func (*Macaroon) AddThirdPartyCaveat

```go
func (m *Macaroon) AddThirdPartyCaveat(rootKey []byte, caveatId string, loc string) error
```

AddThirdPartyCaveat adds a third-party caveat to the macaroon, using the given
shared root key, caveat id and location hint. The caveat id should encode the
root key in some way, either by encrypting it with a key known to the third
party or by holding a reference to it stored in the third party's storage.

#### func (*Macaroon) Bind

```go
func (m *Macaroon) Bind(sig []byte)
```

Bind prepares the macaroon for being used to discharge the macaroon with the
given signature sig. This must be used before it is used in the discharges

#### func (*Macaroon) Caveats

```go
func (m *Macaroon) Caveats() []Caveat
```

Caveats returns the macaroon's caveats. This method will probably change, and
it's important not to change the returned caveat.

#### func (*Macaroon) Clone

```go
func (m *Macaroon) Clone() *Macaroon
```

Clone returns a copy of the receiving macaroon.

#### func (*Macaroon) Id

```go
func (m *Macaroon) Id() string
```

Id returns the id of the macaroon. This can hold arbitrary information.

#### func (*Macaroon) Location

```go
func (m *Macaroon) Location() string
```

Location returns the macaroon's location hint. This is not verified as part of

#### func (*Macaroon) MarshalBinary

```go
func (m *Macaroon) MarshalBinary() ([]byte, error)
```

MarshalBinary implements encoding.BinaryMarshaler.

#### func (*Macaroon) MarshalJSON

```go
func (m *Macaroon) MarshalJSON() ([]byte, error)
```

MarshalJSON implements json.Marshaler.

#### func (*Macaroon) Signature

```go
func (m *Macaroon) Signature() []byte
```

Signature returns the macaroon's signature.

#### func (*Macaroon) UnmarshalBinary

```go
func (m *Macaroon) UnmarshalBinary(data []byte) error
```

UnmarshalBinary implements encoding.BinaryUnmarshaler.

#### func (*Macaroon) UnmarshalJSON

```go
func (m *Macaroon) UnmarshalJSON(jsonData []byte) error
```

UnmarshalJSON implements json.Unmarshaler.

#### func (*Macaroon) Verify

```go
func (m *Macaroon) Verify(rootKey []byte, check func(caveat string) error, discharges []*Macaroon) error
```

Verify verifies that the receiving macaroon is valid. The root key must be the
same that the macaroon was originally minted with. The check function is called
to verify each first-party caveat - it should return an error if the condition

The discharge macaroons should be provided in discharges.

Verify returns true if the verification succeeds; it returns (false, nil) if the
verification fails, and (false, err) if the verification cannot be asserted (but

TODO(rog) is there a possible DOS attack that can cause this function to

#### type Verifier

```go
type Verifier interface {
	Verify(m *Macaroon, rootKey []byte) (bool, error)
}
```
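
The HMAC chain behind New, AddFirstPartyCaveat and Verify, as an added sketch that follows the construction in the macaroons paper; it is not this package's code and is not wire-compatible with it. The names `token`, `mint`, `addCaveat` and `verify`, the choice of HMAC-SHA-256, and the key and caveat strings are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// token is a simplified, hypothetical macaroon; sig starts as HMAC(rootKey, id).
type token struct {
	id      string
	caveats []string
	sig     []byte
}

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

func mint(rootKey []byte, id string) *token { return &token{id: id, sig: mac(rootKey, id)} }

// addCaveat attenuates without the root key: sig' = HMAC(sig, caveat).
func (t *token) addCaveat(c string) {
	t.caveats = append(t.caveats, c)
	t.sig = mac(t.sig, c)
}

// verify authenticates the chain first, then runs check on each caveat.
func verify(t *token, rootKey []byte, check func(caveat string) error) error {
	sig := mac(rootKey, t.id)
	for _, c := range t.caveats {
		sig = mac(sig, c)
	}
	if !hmac.Equal(sig, t.sig) { // constant-time comparison
		return fmt.Errorf("signature mismatch")
	}
	for _, c := range t.caveats {
		if err := check(c); err != nil {
			return fmt.Errorf("caveat %q: %w", c, err)
		}
	}
	return nil
}

func main() {
	t := mint([]byte("constructed key"), "id-1") // constructed sample values
	fmt.Println(verify(t, []byte("constructed key"), func(string) error { return nil }))
}
```

As with the Verify signature shown above, the only result is an error, so a caller must treat any non-nil return as a rejected token. Dropping a caveat from the list without the earlier signature changes the recomputed chain, which is why the stripped token fails verification.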