# README
Fly.io Macaroon Tokens 
This is the extracted Macaroon token code we use for authorization inside of Fly.io. Because flyctl, our CLI, is open source, it can't fully exploit our tokens unless this library is open source as well. So it is.
We don't think you should use any of this code; it's shrink-wrapped around some peculiar details of our production network, and the data model is Fly-specific. But if it's an interesting read, that's great too.
# Functions
Decode parses a token off the wire; to get usable caveats.
Decodes a set of serialized caveats.
DecodeNonce parses just the [Nonce] from an encoded [Macaroon].
Decyrpts the ticket from the 3p caveat and prepares a discharge token.
No description provided by the author
GetCaveats gets any caveats of type T, including those nested within IfPresent caveats.
No description provided by the author
New creates a new token given a key-id string (which can be any opaque string and doesn't need to be cryptographically random or anything; the key-id is how you're going to relate the token back to a key you've saved somewhere; it's probably a database rowid somehow) and a location, which is ordinarily a URL.
Create a new CaveatSet comprised of the specified caveats.
No description provided by the author
No description provided by the author
Parses an Authorization header into its constituent tokens.
Parse a string token and find the contained permission token for the given location.
Register an alternate name for this caveat type that will be recognized when decoding JSON.
Register a caveat type for use with this library.
Checks the macaroon for a third party caveat for the specified location.
ToAuthorizationHeader formats a collection of tokens as an HTTP Authorization header.
Helper for validating concretely-typed accesses.
# Constants
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Globally-recognized user-registerable caveat types may be requested via pull requests to this repository.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Variables
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Structs
Caveat3P is a requirement that the token be presented along with a 3P discharge token.
CaveatSet is how a set of caveats is serailized/encoded.
Macaroon is the fully-functioning internal representation of a token --- you've got a Macaroon either because you're constructing a new token yourself, or because you've parsed a token from the wire.
A Nonce in cryptography is a random number that is only used once.
No description provided by the author
ValidityWindow establishes the window of time the token is valid for.
# Interfaces
Access represents the user's attempt to access some resource.
Attestations make a positive assertion rather than constraining access to a resource.
Caveat is the interface implemented by all caveats.
WrapperCaveat should be implemented by caveats that wrap other caveats (eg.
# Type aliases
BindToParentToken is used by discharge tokens to state that they may only be used to discharge 3P caveats for a specific root token or further attenuated versions of that token.
A numeric identifier for caveat types.
No description provided by the author
No description provided by the author