.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "WebAuth::Token::Request 3pm" .TH WebAuth::Token::Request 3pm "2020-12-21" "perl v5.32.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" WebAuth::Token::Request \- WebAuth request tokens .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 6 \& my $token = WebAuth::Token::Request\->new; \& $token\->type (\*(Aqid\*(Aq); \& $token\->auth (\*(Aqwebkdc\*(Aq); \& $token\->return_url ($url); \& $token\->creation (time); \& print $token\->encode ($keyring), "\en"; .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A WebAuth request token, sent by the WebAuth Application Server to the WebKDC to initiate a request. .PP This token has two forms. The first is sent by the \s-1WAS\s0 to the WebKDC via a redirect to request either an id or a proxy token for the user, depending on whether the \s-1WAS\s0 will need credentials. The second is sent to the WebKDC as part of a request for a service token and contains only the command and creation time. If the \fBcommand()\fR attribute is set, most other attributes must not be set. .SH "CLASS METHODS" .IX Header "CLASS METHODS" .IP "new ()" 4 .IX Item "new ()" Create a new, empty WebAuth::Token::Request. At least some attributes will have to be set using the accessor methods described below before the token can be used. .SH "INSTANCE METHODS" .IX Header "INSTANCE METHODS" As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception rather than by return status. .SH "General Methods" .IX Header "General Methods" .IP "encode (\s-1KEYRING\s0)" 4 .IX Item "encode (KEYRING)" Generate the encoded and encrypted form of this token using the provided \&\s-1KEYRING.\s0 The encryption key used will be the one returned by the \&\fBbest_key()\fR method of WebAuth::Keyring on that \s-1KEYRING.\s0 .SH "Accessor Methods" .IX Header "Accessor Methods" .IP "type ([\s-1TYPE\s0])" 4 .IX Item "type ([TYPE])" Get or set the type of token requested. This can be either \f(CW\*(C`id\*(C'\fR to request only an id token, or \f(CW\*(C`proxy\*(C'\fR to request a proxy token that can be used to retrieve other types of tokens later. .IP "auth ([\s-1TYPE\s0])" 4 .IX Item "auth ([TYPE])" Get or set the type of id token requested. This attribute is only used if the \fBtype()\fR attribute is \f(CW\*(C`id\*(C'\fR. It should be set to either \f(CW\*(C`webkdc\*(C'\fR to request a bearer token or \f(CW\*(C`krb5\*(C'\fR to request a token with a Kerberos authenticator. .IP "proxy_type ([\s-1TYPE\s0])" 4 .IX Item "proxy_type ([TYPE])" Get or set the type of proxy token requested. This attribute is only used if the \fBtype()\fR attribute is \f(CW\*(C`proxy\*(C'\fR. It currently will always be set to \&\f(CW\*(C`krb5\*(C'\fR, but must still be explicitly set when creating a new token. .IP "state ([\s-1DATA\s0])" 4 .IX Item "state ([DATA])" Get or set the optional state data. If this data is provided, it will be returned by the WebKDC to the WebAuth Application Server as a second element in the \s-1URL.\s0 It is normally used to hold an app token that contains the session key used for WebKDC communication, encrypted in the private key of a WebAuth Application Server pool. .IP "return_url ([\s-1URL\s0])" 4 .IX Item "return_url ([URL])" Get or set the return \s-1URL,\s0 which specifies the \s-1URL\s0 to which the user should be sent after successful authentication. .IP "options ([\s-1OPTIONS\s0])" 4 .IX Item "options ([OPTIONS])" Get or set an optional comma-separated list of request options. For a complete list of supported options and their meanings, see the WebAuth protocol specification. .IP "initial_factors ([\s-1FACTORS\s0])" 4 .IX Item "initial_factors ([FACTORS])" Get or set a comma-separated list of authentication factors that the user is required to use for initial authentication (the single sign-on transaction). For a list of possible factors and their meaning, see the WebAuth protocol specification. .IP "session_factors ([\s-1FACTORS\s0])" 4 .IX Item "session_factors ([FACTORS])" Get or set a comma-separated list of authentication factors that the user is required to use to authenticate this session (this particular visit to this WebAuth Application Server). For a list of possible factors and their meaning, see the WebAuth protocol specification. .IP "loa ([\s-1LOA\s0])" 4 .IX Item "loa ([LOA])" Get or set the level of assurance required for the user authentication. This is a number whose values are site-defined but for which increasing numbers represent increasing assurance for the authentication. .IP "command ([\s-1ELEMENT\s0])" 4 .IX Item "command ([ELEMENT])" Get or set the \s-1XML\s0 element for which this token provides an authenticator. If this attribute is set, no other attributes other than \fBcreation()\fR should be set. This type of token is used inside an \s-1XML\s0 request to the WebKDC to authenticate that request via an encrypted token in the shared key established between the WebAuth Authentication Server and the WebKDC. .IP "creation ([\s-1TIMESTAMP\s0])" 4 .IX Item "creation ([TIMESTAMP])" Get or set the creation timestamp for this token in seconds since epoch. If not set, the encoded token will have a creation time set to the time of encoding. .SH "AUTHOR" .IX Header "AUTHOR" Russ Allbery .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBWebAuth\fR\|(3), \fBWebAuth::Keyring\fR\|(3), \fBWebAuth::Token\fR\|(3) .PP This module is part of WebAuth. The current version is available from .