NAME

WebAuth::Token::Cred - WebAuth cred tokens

SYNOPSIS

    my $token = WebAuth::Token::Cred->new;
    $token->subject ('user');
    $token->type ('krb5');
    $token->service ('service/foo@EXAMPLE.COM');
    $token->data ($ticket);
    $token->creation (time);
    $token->expiration (time + 3600);
    print $token->encode ($keyring), "\n";

DESCRIPTION

A WebAuth cred token, which holds a credential for some other service, usually a Kerberos service ticket. It is sent back by the WebKDC to a WebAuth Application Server when requested using a proxy token, and the WAS also uses it to store the credentials in cookies.

CLASS METHODS

new ()

Create a new, empty WebAuth::Token::Cred. At least some attributes will have to be set using the accessor methods described below before the token can be used.

INSTANCE METHODS

As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception rather than by return status.

General Methods

encode (KEYRING)

Generate the encoded and encrypted form of this token using the provided KEYRING. The encryption key used will be the one returned by the best_key() method of WebAuth::Keyring on that KEYRING.

Accessor Methods

subject ([SUBJECT])

Get or set the subject, which holds the identity of the user for which this token contains credentials.

type ([TYPE])

Get or set the type of credential stored in this token. Currently, this is always "krb5" (but still must be explicitly set if creating a new token).

service ([SERVICE])

Get or set the service for which this token stores a credential. For tokens of type "krb5", this is the fully-qualified principal name of the service ticket stored in this token.

data ([CREDENTIAL])

Get or set the credential stored in this token. This is currently always a Kerberos ticket in the form created by the export_cred() method of the WebAuth::Krb5 module.

creation ([TIMESTAMP])

Get or set the creation timestamp for this token in seconds since epoch. If not set, the encoded token will have a creation time set to the time of encoding.

expiration ([TIMESTAMP])

Get or set the expiration timestamp for this token in seconds since epoch.

AUTHOR

Russ Allbery <eagle@eyrie.org>

SEE ALSO

WebAuth(3), WebAuth::Keyring(3), WebAuth::Krb5(3), WebAuth::Token(3)

This module is part of WebAuth. The current version is available from <http://webauth.stanford.edu/>.