go-macaroon / macaroon Goto Github PK

I noticed that the v2-unstable branch enforces valid UTF-8 for caveat IDs. Is there a reason for this?

I'm currently working on a macaroon authorization system that will use a binary encoding for caveat IDs as it can be quite a bit more compact and easier to decode.

The version field is mentioned here and is ignored when reading the JSON v2 format and omitted when writing. We should at least inspect it when reading.

The README has -- import "gopkg.in/macaroon.v1" on the v2 branch.

This should probably be
-- import "gopkg.in/macaroon.v2"

Hi there!

I've been using the macaroon and bakery libraries for a couple of test projects. First off, excellent work! They're both really intuitive to use and the code is incredibly helpful for figuring out how macaroons are supposed to work!

I have run into an issue, but it's definitely possible the error is on my end.

I'm having an issue discharging third-party caveats using the V1 binary format. I'm testing some library interoperability and I currently have a libmacaroons client which consumes a token generated by [jmacaroons (https://github.com/nitram509/jmacaroons/tree/master/src), which is then discharged by the go-macaroon library. It seems like there's some discrepancies between what the various libraries consider to be the V1 binary format.

For example, a macaroon generated by the following c++ method:

const Macaroon Macaroon::createV1Test() {

    std::string loc = "http://test.loc";
    std::string key = "This is a test key, it's long";
    std::string id = "test id for test";
    enum macaroon_returncode err;
    const macaroon* m = macaroon_create(reinterpret_cast<const unsigned char *>(loc.data()), loc.size(),
                                        reinterpret_cast<const unsigned char *>(key.data()), key.size(),
                                        reinterpret_cast<const unsigned char *>(id.data()), id.size(), &err);

    std::string id3 = "test-third-id";
    std::string third_loc = "http://thirdparty.loc";
    std::string third_key = "This is a test key, it's long";
    const macaroon* m2 = macaroon_add_third_party_caveat(m, reinterpret_cast<const unsigned char *>(third_loc.data()), third_loc.length(),
                                                         reinterpret_cast<const unsigned char *>(third_key.data()),
                                                         third_key.size(),
                                                         reinterpret_cast<const unsigned char *>(id3.data()),
                                                         id3.size(),
                                                         &err);

    return Macaroon(m2);
}

produces a Macaroon with these properties:

location http://test.loc
identifier test id for test
cid test-third-id
vid AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3W3qRCV9aIfG6ABLzAklzCJMzAZCCoXOLGu-49UvHPBPcgQmYzJHWmYZR13HVBcu
cl http://thirdparty.loc
signature f3190a32e6ffb8e7183b69f720b45f46d542c7b360a20b2a1481fbc562671963

However, it looks like the go libraries expect cid to contain the encrypted value for id, which seems to be present in vid.

My question is, have I missed something in my understanding of macaroons? Am I trying to use two different formats between the libraries, rather than the V1 format?

Appreciate any insight you can provide, and again, excellent work on your libraries!