NAME

Kernel::System::AccessToken

DESCRIPTION

Manages API authorization tokens.

PUBLIC INTERFACE

BUILD()

Customization of object construction, do not use it directly.

List()

Get a list of the access tokens.

    # returns all the access tokens.
    my $List = $AccessTokenObject->List();

    # returns all the access tokens for user-id X.
    my $List = $AccessTokenObject->List(Filters => {UserID => 'X'});

    # returns all the access tokens for user-id X or Y.
    my $List = $AccessTokenObject->List(Filters => {UserID => ['X', 'Y']});

    # returns all the access tokens for user-id (X or Y) and expires-time = 2018-02-18.
    my $List = $AccessTokenObject->List(Filters => {UserID => ['X', 'Y'], ExpiresTime => '2018-02-18'});

Returns

    C<undef> - in case any error occurs
    []       - in case no access token was found
    [
        Kernel::System::AccessToken::Token->new(),
        ...
    ]

ListActive()

Get a list of the active access tokens.

    # returns all the active access tokens.
    my $ListActive = $AccessTokenObject->ListActive();

    # returns all the active access tokens for user-id X.
    my $ListActiveUser = $AccessTokenObject->ListActive( Filters => { UserID => 'X' } );

Returns

    C<undef> - in case any error occurs
    []       - in case no access token was found
    [
        Kernel::System::AccessToken::Token->new(),
        ...
    ]

Count()

Return the number of access-tokens that exists and match the passed filters.

    # Get the total of access-tokens.
    my $Count = $AccessTokenObject->Count();

    # Get the total of access-tokens for the user-id X.
    my $Count = $Storage->Count( Filters => { UserID => 'X', }, );

Returns

    number - in case of success.
    C<undef> - in case any error occurs.

CountActive()

Return the number of active access-tokens and match the passed filters.

CountMarkedForLimits()

Return the number of access-tokens that exists marked as 'IsCountedForLimits' and match the passed filters.

CountActiveMarkedForLimits()

Return the number of active access-tokens that exists marked as 'IsCountedForLimits' and match the passed filters.

Get()

Get an access token by UUID or Token.

    # get by token.
    my $AccessToken = $AccessTokenObject->Get( Token => '...' );

    # get by uuid
    my $AccessToken = $AccessTokenObject->Get(UUID => '...');

Returns

    C<undef> - in case any error occurs
    empty K::S::AccessToken::Token - in case no record was found
    K::S::AccessToken::Token->new(
        UUID           => '...',
        UserID         => '...',
        UserType       => '...',
        CreateTime     => '...',
        ExpiresTime    => '...',
        LastAccessTime => '...',
    )

Create()

Create a new access token.

    my $AccessToken = $AccessTokenObject->Create(
        UUID        => '...',
        Token       => '...',
        UserID      => '...',
        UserType    => '...',
        ExpiresTime => '...',
    );

Returns

    Kernel::System::AccessToken::Token->new(
        UUID           => '...',
        Token          => '...',
        UserID         => '...',
        UserType       => '...',
        ExpiresTime    => '...',
        CreateTime     => '...',
        LastAccessTime => '...',
    );

    or C<undef> in case any error occurs.

Delete()

Delete access tokens.

    # delete all access tokens.
    my $Result = $AccessTokenObject->Delete();

    # delete all access tokens where the expires time is lower than...
    my $Result = $AccessTokenObject->Delete(
        Filters => {
            ExpiresTimeLower => '...', # optional
            UserID           => '...', # optional
            UUID             => '...', # optional
        },
    );

Returns

    1 - in case of success.
    C<undef> - in case any error occurs.

Update()

Update access tokens.

    # update create-time of all access tokens.
    my $Result = $AccessTokenObject->Update(Data => {CreateTime => '2018-03-02'});

    # update last-access-time and create-time off all the access tokens for user-id X.
    my $Result = $AccessTokenObject->Update(
        Filters => {UserID => 'X'},
        Data    => {LastAccessTime => '2018-03-02', CreateTime => '2018-03-01'}
    );

    # update last-access-time for uuid X.
    my $Result = $AccessTokenObject->Update(
        Filters => {UUID           => 'X'},
        Data    => {LastAccessTime => '2018-04-01'},
    );

Returns

    1 - in case of success.
    C<undef> - in case any error occurs.

IsValid()

Checks if the the jwt-token is valid.

    my $AccessToken = $AccessTokenObject->IsValid(
        UUID   => '...' # optional, OR
        Token  => '...' # optional (jwt-token)
    );

Returns

    C<undef> - in case any error occurs
    K::S::AccessToken::Token->new(
        UUID           => '...',
        UserID         => '...',
        UserType       => '...',
        CreateTime     => '...',
        ExpiresTime    => '...',
        LastAccessTime => '...',
    )

Generate()

Generate a new access-token (jwt-token) and saves it in the storage.

    my $AccessToken = $AccessTokenObject->Generate(
        Username       => '...',  # (required)
        UserType       => '...',  # (required)
        Data           => {...},  # (optional)
        SessionMaxTime => 180,    # (optional) Expiration time in seconds, default: SessionMaxTime from config
    );

Returns

    C<undef> - in case any error occurs
    K::S::AccessToken::Token->new(
        UUID           => '...',
        UserID         => '...',
        UserType       => '...',
        CreateTime     => '...',
        ExpiresTime    => '...',
        LastAccessTime => '...',
    )

Decode()

Decode a jwt-token.

    my $TokenData = $AccessTokenObject->Decode(
        Token => '...' # jwt-token

        # claims (optional)
        VerifyIss => '',
        VerifyAud => '',
        VerifyExp => 0,
    );

Returns

    C<undef> - in case any error occurs
    hashref  - token data

Keys()

Returns the list of the current access-token keys, ordered by the most recent.

    my $Keys = $AccessTokenObject->Keys();

Returns

    C<undef> - in case any error occurs
    []       - in case no key was found
    [
        Kernel::System::AccessToken::Key->new(...),
        ...
    ]

GenerateKey()

Generates a new access-token encrypt/decrypt key.

    my $Keys = $AccessTokenObject->GenerateKey();

Returns

    C<undef> - in case any error occurs
    Kernel::System::AccessToken::Key->new(
        Value      => '...',
        CreateTime => '...',
    ),

DeleteKeys()

Deletes the given access-token keys.

    # Delete multiple keys.
    my $Result = $AccessTokenObject->DeleteKeys( Key => ['...', '...'] );

    # Delete one key.
    my $Result = $AccessTokenObject->DeleteKeys( Key => '...' );

    # Delete all the keys.
    my $Result = $AccessTokenObject->DeleteKeys();
Returns

    1 - in case of success.
    C<undef> - in case any error occurs.

AgentSessionPriorLimitIsReached()

Get the agent session limit prior warning message, if the limit is reached.

    my $PriorMessage = $AccessTokenObject->AgentSessionPriorLimitIsReached();

Returns the prior warning message or an empty string.

PRIVATE INTERFACE

_TokenEncryptKey()

Gets the access-token encryption/decryption secret from the config.

    my $Secret = $Self->_TokenSecret();

Returns

    String - in case the secret is set.
    dies in case the secret isn't set.

_CheckFilters()

Checks if the given filters are supported.

    my $Secret = $Self->_CheckFilters(
        Filters => {
            UUID                  => '...', # optional
            Token                 => '...', # optional
            UserID                => '...', # optional
            UserType              => '...', # optional
            ExpiresTime           => '...', # optional
            ExpiresTimeLower      => '...', # optional
            ExpiresTimeGreater    => '...', # optional
            LastAccessTime        => '...', # optional
            LastAccessTimeLower   => '...', # optional
            LastAccessTimeGreater => '...', # optional
            IsCountedForLimits    => '...', # optional
            IsInteractive         => '...', # optional
            IsOneTimeOnly         => '...', # optional
            FromClient            => '...', # optional
        },
    );

Returns

    1        - in case all filters are valid
    C<undef> - in case any unknown filter was found.