package macaroons
Library
Module
Module type
Parameter
Class
Class type
val create : location:string -> key:string -> id:string -> t
val location : t -> string
location m
is the location of m
(if any).
val identifier : t -> string
identifier m
is the identifier of m
.
val signature : t -> string
signature m
is the signature of m
.
add_first_party_caveat m cid
adds a caveat which will be discharged by the target service. See verify
.
add_third_party_caveat m ~key ~location cid
adds a caveat that will be discharged by a third-party. The third party is to produce, upon request, a macaroon proving that the caveat has been discharged. This hypothetical macaroon must be minted with root key key
. See verify
.
prepare_for_request m d
should be invoke for each discharge macaroon d
associated to the main authorizing macaroon m
before sending them off the target service for verification. It binds the the signatures of d
and m
together making it impossible for a malicious third party to maliciously re-use d
to discharge third-party caveats of m
.
val serialize : t -> string
serialize m
converts the macaroon m
into a base64-string suitable for transmission over the network. Its inverse is deserialize
.
val deserialize : string -> [ `Ok of t | `Error of int * deserialize_error ]
deserialize m
is the inverse of serialize
.
val pp : Format.formatter -> t -> unit
pp ppf m
prints a user-readable description of the macaroon m
for debugging purposes.
verify m ~key ~check d
verifies whether all the caveats of m
hold. key
must be the key used with create
. check
is called to verify all first-party caveats. d
is a list of discharge macaroons used to verify third-party cavests. Each element of d
must have been previously bound with m
using prepare_for_request
.