NAME
Kernel::System::AccessToken
DESCRIPTION
Manages API authorization tokens.
PUBLIC INTERFACE
BUILD()
Customization of object construction, do not use it directly.
List()
Get a list of the access tokens.
# returns all the access tokens.
my $List = $AccessTokenObject->List();
# returns all the access tokens for user-id X.
my $List = $AccessTokenObject->List(Filters => {UserID => 'X'});
# returns all the access tokens for user-id X or Y.
my $List = $AccessTokenObject->List(Filters => {UserID => ['X', 'Y']});
# returns all the access tokens for user-id (X or Y) and expires-time = 2018-02-18.
my $List = $AccessTokenObject->List(Filters => {UserID => ['X', 'Y'], ExpiresTime => '2018-02-18'});
Returns
C<undef> - in case any error occurs
[] - in case no access token was found
[
Kernel::System::AccessToken::Token->new(),
...
]
ListActive()
Get a list of the active access tokens.
# returns all the active access tokens.
my $ListActive = $AccessTokenObject->ListActive();
# returns all the active access tokens for user-id X.
my $ListActiveUser = $AccessTokenObject->ListActive( Filters => { UserID => 'X' } );
Returns
C<undef> - in case any error occurs
[] - in case no access token was found
[
Kernel::System::AccessToken::Token->new(),
...
]
Count()
Return the number of access-tokens that exists and match the passed filters.
# Get the total of access-tokens.
my $Count = $AccessTokenObject->Count();
# Get the total of access-tokens for the user-id X.
my $Count = $Storage->Count( Filters => { UserID => 'X', }, );
Returns
number - in case of success.
C<undef> - in case any error occurs.
CountActive()
Return the number of active access-tokens and match the passed filters.
CountMarkedForLimits()
Return the number of access-tokens that exists marked as 'IsCountedForLimits' and match the passed filters.
CountActiveMarkedForLimits()
Return the number of active access-tokens that exists marked as 'IsCountedForLimits' and match the passed filters.
Get()
Get an access token by UUID or Token.
# get by token.
my $AccessToken = $AccessTokenObject->Get( Token => '...' );
# get by uuid
my $AccessToken = $AccessTokenObject->Get(UUID => '...');
Returns
C<undef> - in case any error occurs
empty K::S::AccessToken::Token - in case no record was found
K::S::AccessToken::Token->new(
UUID => '...',
UserID => '...',
UserType => '...',
CreateTime => '...',
ExpiresTime => '...',
LastAccessTime => '...',
)
Create()
Create a new access token.
my $AccessToken = $AccessTokenObject->Create(
UUID => '...',
Token => '...',
UserID => '...',
UserType => '...',
ExpiresTime => '...',
);
Returns
Kernel::System::AccessToken::Token->new(
UUID => '...',
Token => '...',
UserID => '...',
UserType => '...',
ExpiresTime => '...',
CreateTime => '...',
LastAccessTime => '...',
);
or C<undef> in case any error occurs.
Delete()
Delete access tokens.
# delete all access tokens.
my $Result = $AccessTokenObject->Delete();
# delete all access tokens where the expires time is lower than...
my $Result = $AccessTokenObject->Delete(
Filters => {
ExpiresTimeLower => '...', # optional
UserID => '...', # optional
UUID => '...', # optional
},
);
Returns
1 - in case of success.
C<undef> - in case any error occurs.
Update()
Update access tokens.
# update create-time of all access tokens.
my $Result = $AccessTokenObject->Update(Data => {CreateTime => '2018-03-02'});
# update last-access-time and create-time off all the access tokens for user-id X.
my $Result = $AccessTokenObject->Update(
Filters => {UserID => 'X'},
Data => {LastAccessTime => '2018-03-02', CreateTime => '2018-03-01'}
);
# update last-access-time for uuid X.
my $Result = $AccessTokenObject->Update(
Filters => {UUID => 'X'},
Data => {LastAccessTime => '2018-04-01'},
);
Returns
1 - in case of success.
C<undef> - in case any error occurs.
IsValid()
Checks if the the jwt-token
is valid.
my $AccessToken = $AccessTokenObject->IsValid(
UUID => '...' # optional, OR
Token => '...' # optional (jwt-token)
);
Returns
C<undef> - in case any error occurs
K::S::AccessToken::Token->new(
UUID => '...',
UserID => '...',
UserType => '...',
CreateTime => '...',
ExpiresTime => '...',
LastAccessTime => '...',
)
Generate()
Generate a new access-token (jwt-token
) and saves it in the storage.
my $AccessToken = $AccessTokenObject->Generate(
Username => '...', # (required)
UserType => '...', # (required)
Data => {...}, # (optional)
SessionMaxTime => 180, # (optional) Expiration time in seconds, default: SessionMaxTime from config
);
Returns
C<undef> - in case any error occurs
K::S::AccessToken::Token->new(
UUID => '...',
UserID => '...',
UserType => '...',
CreateTime => '...',
ExpiresTime => '...',
LastAccessTime => '...',
)
Decode()
Decode a jwt-token
.
my $TokenData = $AccessTokenObject->Decode(
Token => '...' # jwt-token
# claims (optional)
VerifyIss => '',
VerifyAud => '',
VerifyExp => 0,
);
Returns
C<undef> - in case any error occurs
hashref - token data
Keys()
Returns the list of the current access-token keys, ordered by the most recent.
my $Keys = $AccessTokenObject->Keys();
Returns
C<undef> - in case any error occurs
[] - in case no key was found
[
Kernel::System::AccessToken::Key->new(...),
...
]
GenerateKey()
Generates a new access-token encrypt/decrypt key.
my $Keys = $AccessTokenObject->GenerateKey();
Returns
C<undef> - in case any error occurs
Kernel::System::AccessToken::Key->new(
Value => '...',
CreateTime => '...',
),
DeleteKeys()
Deletes the given access-token keys.
# Delete multiple keys.
my $Result = $AccessTokenObject->DeleteKeys( Key => ['...', '...'] );
# Delete one key.
my $Result = $AccessTokenObject->DeleteKeys( Key => '...' );
# Delete all the keys.
my $Result = $AccessTokenObject->DeleteKeys();
Returns
1 - in case of success.
C<undef> - in case any error occurs.
AgentSessionPriorLimitIsReached()
Get the agent session limit prior warning message, if the limit is reached.
my $PriorMessage = $AccessTokenObject->AgentSessionPriorLimitIsReached();
Returns the prior warning message or an empty string.
PRIVATE INTERFACE
_TokenEncryptKey()
Gets the access-token encryption/decryption secret from the config.
my $Secret = $Self->_TokenSecret();
Returns
String - in case the secret is set.
dies in case the secret isn't set.
_CheckFilters()
Checks if the given filters are supported.
my $Secret = $Self->_CheckFilters(
Filters => {
UUID => '...', # optional
Token => '...', # optional
UserID => '...', # optional
UserType => '...', # optional
ExpiresTime => '...', # optional
ExpiresTimeLower => '...', # optional
ExpiresTimeGreater => '...', # optional
LastAccessTime => '...', # optional
LastAccessTimeLower => '...', # optional
LastAccessTimeGreater => '...', # optional
IsCountedForLimits => '...', # optional
IsInteractive => '...', # optional
IsOneTimeOnly => '...', # optional
FromClient => '...', # optional
},
);
Returns
1 - in case all filters are valid
C<undef> - in case any unknown filter was found.