Provided by: libwebauth-perl_4.7.0-6build2_amd64 bug

NAME
       WebAuth::Token::Request - WebAuth request tokens


SYNOPSIS
           my $token = WebAuth::Token::Request->new;
           $token->type ('id');
           $token->auth ('webkdc');
           $token->return_url ($url);
           $token->creation (time);
           print $token->encode ($keyring), "\n";


DESCRIPTION
       A WebAuth request token, sent by the WebAuth Application Server to the WebKDC to initiate a request.

       This token has two forms.  The first is sent by the WAS to the WebKDC via a redirect to request either an
       id or a proxy token for the user, depending on whether the WAS will need credentials.  The second is sent
       to the WebKDC as part of a request for a service token and contains only the command and creation time.
       If the command() attribute is set, most other attributes must not be set.


CLASS METHODS
       new ()
           Create  a new, empty WebAuth::Token::Request.  At least some attributes will have to be set using the
           accessor methods described below before the token can be used.


INSTANCE METHODS
       As with WebAuth module functions, failures are signaled by throwing  WebAuth::Exception  rather  than  by
       return status.


General Methods
       encode (KEYRING)
           Generate the encoded and encrypted form of this token using the provided KEYRING.  The encryption key
           used will be the one returned by the best_key() method of WebAuth::Keyring on that KEYRING.


Accessor Methods
       type ([TYPE])
           Get  or  set  the  type  of token requested.  This can be either "id" to request only an id token, or
           "proxy" to request a proxy token that can be used to retrieve other types of tokens later.

       auth ([TYPE])
           Get or set the type of id token requested.  This attribute is only used if the  type()  attribute  is
           "id".   It  should  be  set to either "webkdc" to request a bearer token or "krb5" to request a token
           with a Kerberos authenticator.

       proxy_type ([TYPE])
           Get or set the type of proxy token requested.  This attribute is only used if the type() attribute is
           "proxy".  It currently will always be set to "krb5", but must still be explicitly set when creating a
           new token.

       state ([DATA])
           Get or set the optional state data.  If this data is provided, it will be returned by the  WebKDC  to
           the  WebAuth  Application  Server as a second element in the URL.  It is normally used to hold an app
           token that contains the session key used for WebKDC communication, encrypted in the private key of  a
           WebAuth Application Server pool.

       return_url ([URL])
           Get  or set the return URL, which specifies the URL to which the user should be sent after successful
           authentication.

       options ([OPTIONS])
           Get or set an optional comma-separated list of request options.  For a  complete  list  of  supported
           options and their meanings, see the WebAuth protocol specification.

       initial_factors ([FACTORS])
           Get  or  set  a  comma-separated  list of authentication factors that the user is required to use for
           initial authentication (the single sign-on transaction).  For a list of possible  factors  and  their
           meaning, see the WebAuth protocol specification.

       session_factors ([FACTORS])
           Get  or  set  a  comma-separated  list  of authentication factors that the user is required to use to
           authenticate this session (this particular visit to this WebAuth Application Server).  For a list  of
           possible factors and their meaning, see the WebAuth protocol specification.

       loa ([LOA])
           Get  or  set  the  level  of  assurance required for the user authentication.  This is a number whose
           values are site-defined but for which increasing  numbers  represent  increasing  assurance  for  the
           authentication.

       command ([ELEMENT])
           Get or set the XML element for which this token provides an authenticator.  If this attribute is set,
           no  other  attributes  other than creation() should be set.  This type of token is used inside an XML
           request to the WebKDC to authenticate  that  request  via  an  encrypted  token  in  the  shared  key
           established between the WebAuth Authentication Server and the WebKDC.

       creation ([TIMESTAMP])
           Get  or  set  the  creation timestamp for this token in seconds since epoch.  If not set, the encoded
           token will have a creation time set to the time of encoding.


AUTHOR
       Russ Allbery <eagle@eyrie.org>


SEE ALSO
       WebAuth(3), WebAuth::Keyring(3), WebAuth::Token(3)

       This module is part of WebAuth.  The current version is available from <http://webauth.stanford.edu/>.

perl v5.26.1                                       2018-02-28                       WebAuth::Token::Request(3pm)