Provided by: libwebauth-perl_4.5.5-2_amd64 bug

NAME
       WebAuth::Token::Request - WebAuth request tokens


SYNOPSIS
           my $token = WebAuth::Token::Request->new;
           $token->type ('id');
           $token->auth ('webkdc');
           $token->return_url ($url);
           $token->creation (time);
           print $token->encode ($keyring), "\n";


DESCRIPTION
       A WebAuth request token, sent by the WebAuth Application Server to the WebKDC to initiate
       a request.

       This token has two forms.  The first is sent by the WAS to the WebKDC via a redirect to
       request either an id or a proxy token for the user, depending on whether the WAS will need
       credentials.  The second is sent to the WebKDC as part of a request for a service token
       and contains only the command and creation time.  If the command() attribute is set, most
       other attributes must not be set.


CLASS METHODS
       new ()
           Create a new, empty WebAuth::Token::Request.  At least some attributes will have to be
           set using the accessor methods described below before the token can be used.


INSTANCE METHODS
       As with WebAuth module functions, failures are signaled by throwing WebAuth::Exception
       rather than by return status.


General Methods
       encode (KEYRING)
           Generate the encoded and encrypted form of this token using the provided KEYRING.  The
           encryption key used will be the one returned by the best_key() method of
           WebAuth::Keyring on that KEYRING.


Accessor Methods
       type ([TYPE])
           Get or set the type of token requested.  This can be either "id" to request only an id
           token, or "proxy" to request a proxy token that can be used to retrieve other types of
           tokens later.

       auth ([TYPE])
           Get or set the type of id token requested.  This attribute is only used if the type()
           attribute is "id".  It should be set to either "webkdc" to request a bearer token or
           "krb5" to request a token with a Kerberos authenticator.

       proxy_type ([TYPE])
           Get or set the type of proxy token requested.  This attribute is only used if the
           type() attribute is "proxy".  It currently will always be set to "krb5", but must
           still be explicitly set when creating a new token.

       state ([DATA])
           Get or set the optional state data.  If this data is provided, it will be returned by
           the WebKDC to the WebAuth Application Server as a second element in the URL.  It is
           normally used to hold an app token that contains the session key used for WebKDC
           communication, encrypted in the private key of a WebAuth Application Server pool.

       return_url ([URL])
           Get or set the return URL, which specifies the URL to which the user should be sent
           after successful authentication.

       options ([OPTIONS])
           Get or set an optional comma-separated list of request options.  For a complete list
           of supported options and their meanings, see the WebAuth protocol specification.

       initial_factors ([FACTORS])
           Get or set a comma-separated list of authentication factors that the user is required
           to use for initial authentication (the single sign-on transaction).  For a list of
           possible factors and their meaning, see the WebAuth protocol specification.

       session_factors ([FACTORS])
           Get or set a comma-separated list of authentication factors that the user is required
           to use to authenticate this session (this particular visit to this WebAuth Application
           Server).  For a list of possible factors and their meaning, see the WebAuth protocol
           specification.

       loa ([LOA])
           Get or set the level of assurance required for the user authentication.  This is a
           number whose values are site-defined but for which increasing numbers represent
           increasing assurance for the authentication.

       command ([ELEMENT])
           Get or set the XML element for which this token provides an authenticator.  If this
           attribute is set, no other attributes other than creation() should be set.  This type
           of token is used inside an XML request to the WebKDC to authenticate that request via
           an encrypted token in the shared key established between the WebAuth Authentication
           Server and the WebKDC.

       creation ([TIMESTAMP])
           Get or set the creation timestamp for this token in seconds since epoch.  If not set,
           the encoded token will have a creation time set to the time of encoding.


AUTHOR
       Russ Allbery <rra@stanford.edu>


SEE ALSO
       WebAuth(3), WebAuth::Keyring(3), WebAuth::Token(3)

       This module is part of WebAuth.  The current version is available from
       <http://webauth.stanford.edu/>.