WebAuth::Token::Request - WebAuth request tokens
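    use WebAuth::Token::Request;

    # $url (the return URL) and $keyring (a WebAuth::Keyring) are assumed
    # to be defined already.
    my $token = WebAuth::Token::Request->new;
    $token->type ('id');            # request an id token
    $token->auth ('webkdc');        # bearer id token
    $token->return_url ($url);
    $token->creation (time);
    print $token->encode ($keyring), "\n";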
A WebAuth request token, sent by the WebAuth Application Server to
the WebKDC to initiate a request.
This token has two forms. The first is sent by the WAS to the
WebKDC via a redirect to request either an id or a proxy token for the user,
depending on whether the WAS will need credentials. The second is sent to
the WebKDC as part of a request for a service token and contains only the
command and creation time. If the command() attribute is set, most
other attributes must not be set.
- new ()
- Create a new, empty WebAuth::Token::Request. At least some attributes will
have to be set using the accessor methods described below before the token
can be used.
As with WebAuth module functions, failures are signaled by
throwing WebAuth::Exception rather than by return status.
- encode (KEYRING)
- Generate the encoded and encrypted form of this token using the provided
KEYRING. The encryption key used will be the one returned by the
best_key() method of WebAuth::Keyring on that KEYRING.
- type ([TYPE])
- Get or set the type of token requested. This can be either "id" to
request only an id token, or "proxy" to request a proxy token that can be
used to retrieve other types of tokens later.
- auth ([TYPE])
- Get or set the type of id token requested. This attribute is only used if
the type() attribute is "id". It should be set to either "webkdc" to
request a bearer token or "krb5" to request a token with a Kerberos
authenticator.
- proxy_type ([TYPE])
- Get or set the type of proxy token requested. This attribute is only used
if the type() attribute is "proxy". It currently will always be set to
"krb5", but must still be explicitly set when creating a new token.
- state ([DATA])
- Get or set the optional state data. If this data is provided, it will be
returned by the WebKDC to the WebAuth Application Server as a second
element in the URL. It is normally used to hold an app token that contains
the session key used for WebKDC communication, encrypted in the private
key of a WebAuth Application Server pool.
- return_url ([URL])
- Get or set the return URL, which specifies the URL to which the user
should be sent after successful authentication.
- options ([OPTIONS])
- Get or set an optional comma-separated list of request options. For a
complete list of supported options and their meanings, see the WebAuth
protocol specification.
- initial_factors ([FACTORS])
- Get or set a comma-separated list of authentication factors that the user
is required to use for initial authentication (the single sign-on
transaction). For a list of possible factors and their meaning, see the
WebAuth protocol specification.
- session_factors ([FACTORS])
- Get or set a comma-separated list of authentication factors that the user
is required to use to authenticate this session (this particular visit to
this WebAuth Application Server). For a list of possible factors and their
meaning, see the WebAuth protocol specification.
- loa ([LOA])
- Get or set the level of assurance required for the user authentication.
This is a number whose values are site-defined but for which increasing
numbers represent increasing assurance for the authentication.
- command ([ELEMENT])
- Get or set the XML element for which this token provides an authenticator.
If this attribute is set, no attributes other than creation() should be
set. This type of token is used inside an XML request to the WebKDC to
authenticate that request via an encrypted token in the shared key
established between the WebAuth Authentication Server and the WebKDC.
- creation ([TIMESTAMP])
- Get or set the creation timestamp for this token in seconds since epoch.
If not set, the encoded token will have a creation time set to the time of
encoding.
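The attribute rules described above (the command form excludes the other attributes, auth applies only to id requests, proxy_type must be set explicitly for proxy requests) can be checked before calling encode(). The following is an added example, not code from the WebAuth distribution: check_request() and Local::FakeToken are hypothetical names, and it assumes that an accessor returns undef for an attribute that has not been set.

```perl
use strict;
use warnings;

# Attributes the page says must stay unset when command() is set.
my @REQUEST_ONLY = qw(type auth proxy_type state return_url options
                      initial_factors session_factors loa);

# Hypothetical helper (not part of WebAuth): returns a list of problems,
# empty if none.  Assumes unset attributes read back as undef.
sub check_request {
    my ($token) = @_;
    my @errors;
    if (defined $token->command) {
        for my $attr (@REQUEST_ONLY) {
            push @errors, "$attr must not be set together with command"
              if defined($token->$attr);
        }
        return @errors;
    }
    my $type = $token->type // '';
    if ($type eq 'id') {
        my $auth = $token->auth // '';
        push @errors, 'auth must be "webkdc" or "krb5"'
          unless $auth eq 'webkdc' || $auth eq 'krb5';
        push @errors, 'proxy_type is only used when type is "proxy"'
          if defined $token->proxy_type;
    } elsif ($type eq 'proxy') {
        push @errors, 'proxy_type must be set explicitly to "krb5"'
          unless ($token->proxy_type // '') eq 'krb5';
        push @errors, 'auth is only used when type is "id"'
          if defined $token->auth;
    } else {
        push @errors, 'type must be "id" or "proxy"';
    }
    return @errors;
}

# Constructed stand-in with the documented accessor names, so this runs
# without WebAuth installed; a real token object would be passed instead.
package Local::FakeToken;
sub new { my ($class, %attrs) = @_; return bless { %attrs }, $class }
for my $name (@REQUEST_ONLY, qw(command creation)) {
    no strict 'refs';
    *{"Local::FakeToken::$name"} = sub { $_[0]{$name} };
}

package main;
my $bad = Local::FakeToken->new(type => 'proxy', auth => 'webkdc');
print "$_\n" for check_request($bad);
```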
Russ Allbery <eagle@eyrie.org>