Provided by: libwebkdc-perl_4.7.0-6build2_all bug

NAME

       WebKDC::WebResponse - Encapsulates a response from a WebAuth WebKDC

SYNOPSIS

           use WebKDC::WebResponse

           my $resp = WebKDC::WebResponse->new;
           $resp->subject ($user);
           $resp->requester_subject ($req_subject);
           $resp->response_token_type ('id');
           $resp->response_token ($id);
           $resp->return_url ($url);

DESCRIPTION

       A WebKDC::WebResponse object encapsulates a response from a WebAuth WebKDC, representing
       the result of a login attempt for a particular WebAuth Application Server.  It is filled
       in by the WebKDC module as the result of a make_request_token_request call.  The object
       has very little inherent functionality.  It's mostly a carrier for data.

CLASS METHODS

       new ()
           Create a new, empty WebKDC::WebResponse object.  At least some parameters must be set
           using accessor functions as described below to do anything useful with the object.

INSTANCE METHODS

       app_state ([STATE])
           Returns or sets the application state token.  If this is set in the response, the
           WebLogin server should return it to the WebAuth application server as the WEBAUTHS
           parameter in the URL.

       authz_subject ([SUBJECT])
           Retrieve or set the asserted authorization identity.  This is an identity separate
           from the authentication identity that is vetted by the WebKDC and asserted for
           authorization purposes to the remote site.  It is included in the id or proxy token,
           but is also included directly in the response for display reasons in the WebLogin
           code.

       default_device ([ID])
           Returns or sets the default device to use for obtaining a second factor.  This may be
           set when the user's authentication was rejected because multifactor authentication was
           required, and is used by WebLogin as part of the prompting for the second factor
           authentication.

       default_factor ([FACTOR])
           Returns or sets the default authentication factor to use when a second authentication
           factor besides password is required.  This may be set when the user's authentication
           was rejected because multifactor authentication was required, and is used by WebLogin
           as part of the prompting for the second factor authentication.

       devices ([RECORD, ...])
           Returns the list of devices for second authentication factors that the user has
           available, or adds a new one.  If any parameters are given, they are device records
           that will be added to the list.  Note that there is no way to remove an entry from the
           list once it has been added.

           Each RECORD should be an anonymous hash with a "name" key indicating the human-
           readable name of the device, a "id" key indicating the opaque identifier for the
           device, and a "factors" key, whose value is a reference to an array of factor codes
           that device supports.  The default_device() attribute should match the "id" key of one
           of the device records, and the default_factor() attribute should match one of the
           factors listed for that device.

       factor_configured ([FACTOR, ...])
       factor_needed ([FACTOR, ...])
           Returns or sets the authentication factors this user has configured or that the
           WebAuth application server requires.  These are set when the user's authentication was
           rejected because multifactor authentication was required and are used by the WebLogin
           server to determine what factor to prompt for or to customize an error message
           explaining to the user what factors they need to configure.

       login_canceled_token ([LC])
           Returns or sets a login cancellation token.  If the user decides to cancel this
           authentication, this token should be returned to the WebAuth application server as the
           WEBAUTHR parameter in the URL.

       login_history ([RECORD, ...])
           Returns the list of login history records or adds new login history records.  If any
           parameters are given, they are history records that will be added to the list.  Note
           that there is no way to remove an entry from the list once it has been added.

           Each RECORD should be an anonymous hash with an "ip" key whose value is the IP address
           from which the user logged in and a "timestamp" key whose value is the time of that
           login in seconds since epoch.  There may optionally be a "hostname" key that, if
           present, gives the hostname from which the user logged in.

       permitted_authz ([SUBJECT, ...])
           Returns the list of permitted authorization identities or sets them.  If any
           parameters are given, the list of acceptable authorization identities is replaced with
           the list of subjects given.  The permitted authorization identities are unique to this
           authenticated user and destination site.

       cookie (TYPE[, VALUE][, EXPIRATION])
           Returns or sets a cookie of the specified type.  The TYPE parameter should be the type
           of the cookie.  The VALUE, if present, is the corresponding token, suitable for being
           set as a browser cookie.  The EXPIRATION, if present, is the value the cookie
           expiration should be set for.  Returns the token of the given type, if any is set.

       cookies ()
           Returns all cookies as a hash, whose keys are the types and whose values are the
           tokens.  The returned hash is a reference to the hash inside the WebKDC::WebResponse
           object and therefore should not be modified by the caller.

       return_url ([URL])
           Returns or sets the return URL to which the user should be directed after
           authentication.

       requester_subject ([SUBJECT])
           Returns or sets the identity of the WebAuth application server that prompted this
           authentication attempt.

       response_token ([TOKEN])
       response_token_type ([TYPE])
           Returns or sets the token that is the result of the authentication attempt, or the
           type of that token.  This will be either an id token or a proxy token, depending on
           what the WebAuth application server requested.

       subject ([SUBJECT])
           Returns or sets the authenticated user identity.

       password_expiration ([EXPIRATION])
           Returns or sets the password expiration time for the authenticating user, in seconds
           since UNIX epoch.

       user_message ([TEXT])
           Text passed back from the user information service as a message to display to the user
           as explanatory text.

AUTHOR

       Roland Schemers and Russ Allbery <eagle@eyrie.org>

SEE ALSO

       WebKDC(3)

       This module is part of WebAuth.  The current version is available from
       <http://webauth.stanford.edu/>.