go-macaroon / macaroon
A native Go implementation of macaroons
License: BSD 3-Clause "New" or "Revised" License
I noticed that the v2-unstable branch enforces valid UTF-8 for caveat IDs. Is there a reason for this?
I'm currently working on a macaroon authorization system that will use a binary encoding for caveat IDs as it can be quite a bit more compact and easier to decode.
The version field is mentioned here and is ignored when reading the JSON v2 format and omitted when writing. We should at least inspect it when reading.
The README has -- import "gopkg.in/macaroon.v1" on the v2 branch.
This should probably be
-- import "gopkg.in/macaroon.v2"
Hi there!
I've been using the macaroon and bakery libraries for a couple of test projects. First off, excellent work! They're both really intuitive to use and the code is incredibly helpful for figuring out how macaroons are supposed to work!
I have run into an issue, but it's definitely possible the error is on my end.
I'm having an issue discharging third-party caveats using the V1 binary format. I'm testing some library interoperability and I currently have a libmacaroons client which consumes a token generated by jmacaroons (https://github.com/nitram509/jmacaroons/tree/master/src), which is then discharged by the go-macaroon library. It seems like there are some discrepancies between what the various libraries consider to be the V1 binary format.
For example, a macaroon generated by the following C++ method:
```cpp
const Macaroon Macaroon::createV1Test() {
    // Root macaroon: location, root key and identifier.
    std::string loc = "http://test.loc";
    std::string key = "This is a test key, it's long";
    std::string id = "test id for test";
    enum macaroon_returncode err;  // note: never inspected below
    const macaroon* m = macaroon_create(
        reinterpret_cast<const unsigned char *>(loc.data()), loc.size(),
        reinterpret_cast<const unsigned char *>(key.data()), key.size(),
        reinterpret_cast<const unsigned char *>(id.data()), id.size(), &err);

    // Third-party caveat: location, caveat key and caveat identifier.
    std::string id3 = "test-third-id";
    std::string third_loc = "http://thirdparty.loc";
    std::string third_key = "This is a test key, it's long";
    const macaroon* m2 = macaroon_add_third_party_caveat(
        m,
        reinterpret_cast<const unsigned char *>(third_loc.data()), third_loc.length(),
        reinterpret_cast<const unsigned char *>(third_key.data()), third_key.size(),
        reinterpret_cast<const unsigned char *>(id3.data()), id3.size(),
        &err);
    return Macaroon(m2);
}
```
produces a Macaroon with these properties:
location http://test.loc
identifier test id for test
cid test-third-id
vid AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3W3qRCV9aIfG6ABLzAklzCJMzAZCCoXOLGu-49UvHPBPcgQmYzJHWmYZR13HVBcu
cl http://thirdparty.loc
signature f3190a32e6ffb8e7183b69f720b45f46d542c7b360a20b2a1481fbc562671963
However, it looks like the Go libraries expect cid to contain the encrypted value for id, which seems to be present in vid.
My question is, have I missed something in my understanding of macaroons? Am I trying to use two different formats between the libraries, rather than the V1 format?
Appreciate any insight you can provide, and again, excellent work on your libraries!
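When comparing what different libraries emit as "V1 binary", it helps to split the serialized macaroon into its packets and look at the raw cid, vid and cl values. The following is an added example, not code from go-macaroon or from the posts above: it parses the V1 packet framing used by libmacaroons and reports whether each value is valid UTF-8, the property the first question asks about for caveat IDs. The names `Packet`, `ParseV1Packets` and `sampleV1` are hypothetical, the input is assumed to be already base64-decoded, and the sample bytes are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"strconv"
	"unicode/utf8"
)

// Packet is one "key value" field of a V1 binary macaroon.
type Packet struct {
	Key   string
	Value []byte
}
// IsUTF8 reports whether a decoder that insists on UTF-8 would accept the value.
func (p Packet) IsUTF8() bool { return utf8.Valid(p.Value) }

// sampleV1 is constructed: the text fields from the post plus one binary cid.
const sampleV1 = "001dlocation http://test.loc\n" +
	"0020identifier test id for test\n" +
	"0016cid test-third-id\n" +
	"001dcl http://thirdparty.loc\n" +
	"000ccid \xff\xfe\x01\n"

// ParseV1Packets splits base64-decoded V1 data into packets. Each packet is
// 4 hex digits of total length (header included), then key, ' ', value, '\n'.
func ParseV1Packets(data []byte) (out []Packet, err error) {
	for len(data) > 0 {
		if len(data) < 7 { // shortest packet: 4 header bytes + "k \n"
			return nil, fmt.Errorf("truncated packet: %d bytes left", len(data))
		}
		n, perr := strconv.ParseUint(string(data[:4]), 16, 16)
		if perr != nil || n < 7 || int(n) > len(data) || data[n-1] != '\n' {
			return nil, fmt.Errorf("bad packet header %q", data[:4])
		}
		key, value, ok := bytes.Cut(data[4:n-1], []byte(" "))
		if !ok || len(key) == 0 {
			return nil, fmt.Errorf("packet has no key: %q", data[4:n-1])
		}
		out = append(out, Packet{string(key), value})
		data = data[n:]
	}
	return out, nil
}

func main() {
	ps, err := ParseV1Packets([]byte(sampleV1))
	fmt.Printf("%q err=%v\n", ps, err)
}
```

Running the same parser over the output of each library shows field by field where their encodings differ, and a cid for which `IsUTF8` returns false is one that a UTF-8-enforcing decoder would refuse.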