Package org.forgerock.macaroons

Class Macaroon.Caveat

  • Enclosing class:
    Macaroon
    public static final class Macaroon.Caveat
extends Object
    Represents a caveat on a macaroon. A caveat is a restriction on how the macaroon is used. See Macaroon for more details.

    • Method Detail

      • getIdentifier

        public byte[] getIdentifier()
        The caveat identifier. For a first-party caveat this will be a UTF-8 string describing the condition to be satisfied. For a third-party caveat it will be some bytes that are understood by the third party service.
        Returns:
        the caveat identifier.

      • getIdentifierAsString

        public String getIdentifierAsString()
        Returns the caveat identifier as a string after UTF-8 decoding.
        Returns:
        the identifier as a string.

      • getLocationHint

        public String getLocationHint()
        Returns a location hint for the 3rd-party service that can satisfy a caveat. This will be null for 1st-party caveats. Note that the location hint is not authenticated and so can be tampered with. Clients should ensure they only contact services from a known whitelist.
        Returns:
        the location hint.

      • getVerifierId

        public byte[] getVerifierId()
        Returns the encrypted verifier identifier for a 3rd-party caveat. This will be null for 1st-party caveats. The verifier ID is an encrypted Macaroon key that will be used to sign a discharge macaroon for this caveat. The key will be decrypted during macaroon verification.
        Returns:
        the verifier ID.

      • isFirstParty

        public boolean isFirstParty()
        Indicates that this is a 1st-party caveat.
        Returns:
        true if this is a 1st-party caveat.

      • isThirdParty

        public boolean isThirdParty()
        Indicates that this is a 3rd-party caveat.
        Returns:
        true if this is a 3rd-party caveat.

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object