public class Auth extends TaskClusterRequestHandler
Authentication related API end-points for taskcluster.
| Modifier and Type | Field and Description |
|---|---|
protected static String |
defaultBaseURL |
| Constructor and Description |
|---|
Auth() |
Auth(String baseURL) |
Auth(String clientId,
String accessToken) |
Auth(String clientId,
String accessToken,
String certificate) |
| Modifier and Type | Method and Description |
|---|---|
CallSummary<EmptyPayload,AWSS3CredentialsResponse> |
awsS3Credentials(String level,
String bucket,
String prefix)
Get temporary AWS credentials for
read-write or read-only access to a given bucket and prefix within that bucket. |
CallSummary<EmptyPayload,AzureSharedAccessSignatureResponse> |
azureTableSAS(String account,
String table)
Get a shared access signature (SAS) string for use with a specific Azure Table Storage table.
|
CallSummary<EmptyPayload,GetClientResponse> |
client(String clientId)
Returns all information about a given client.
|
CallSummary<GetClientCredentialsResponse1,GetClientResponse> |
createClient(String clientId,
GetClientCredentialsResponse1 payload)
Create a client with given
clientId, name, expires, scopes and description. |
CallSummary<EmptyPayload,ExportedClients[]> |
exportClients()
Export all clients except the root client, as a JSON list.
|
CallSummary<EmptyPayload,GetClientCredentialsResponse> |
getCredentials(String clientId)
Returns the client’s
accessToken as needed for verifying signatures. |
CallSummary<ExportedClients,ExportedClients[]> |
importClients(ExportedClients payload)
Import client from JSON list, overwriting any clients that already exists.
|
CallSummary<EmptyPayload,ListClientsResponse[]> |
listClients()
Return a list of all clients, not including their access tokens.
|
CallSummary<GetClientCredentialsResponse1,GetClientResponse> |
modifyClient(String clientId,
GetClientCredentialsResponse1 payload)
Modify client
name, expires, scopes and description. |
CallSummary<EmptyPayload,EmptyPayload> |
ping()
Documented later…
|
CallSummary<EmptyPayload,EmptyPayload> |
removeClient(String clientId)
Delete a client with given
clientId. |
CallSummary<EmptyPayload,GetClientResponse> |
resetCredentials(String clientId)
Reset credentials for a client.
|
CallSummary<EmptyPayload,GetClientScopesResponse> |
scopes(String clientId)
Returns the scopes the client is authorized to access and the date-time when the clients authorization is set to expire.
|
apiCall, configureHawk, setBaseURLprotected static final String defaultBaseURL
public Auth(String baseURL)
public Auth()
public CallSummary<EmptyPayload,GetClientScopesResponse> scopes(String clientId) throws APICallFailure
Returns the scopes the client is authorized to access and the date-time when the clients authorization is set to expire.
This API end-point allows you inspect clients without getting access to credentials, as provided by the getCredentials request below.
APICallFailurepublic CallSummary<EmptyPayload,GetClientCredentialsResponse> getCredentials(String clientId) throws APICallFailure
Returns the client’s accessToken as needed for verifying signatures. This API end-point also returns the list of scopes the client is authorized for and the date-time where the client authorization expires
Remark, if you don’t need the accessToken but only want to see what scopes a client is authorized for, you should use the getScopes function described above.
See http://docs.taskcluster.net/auth/api-docs/#getCredentials
APICallFailurepublic CallSummary<EmptyPayload,GetClientResponse> client(String clientId) throws APICallFailure
Returns all information about a given client. This end-point is mostly for building tools to administrate clients. Do not use if you only want to authenticate a request; see getCredentials for this purpose.
APICallFailurepublic CallSummary<GetClientCredentialsResponse1,GetClientResponse> createClient(String clientId, GetClientCredentialsResponse1 payload) throws APICallFailure
Create a client with given clientId, name, expires, scopes and description. The accessToken will always be generated server-side, and will be returned from this request.
Required scopes: in addition the scopes listed above, the scopes property must be satisfied by the caller’s scopes.
APICallFailurepublic CallSummary<GetClientCredentialsResponse1,GetClientResponse> modifyClient(String clientId, GetClientCredentialsResponse1 payload) throws APICallFailure
Modify client name, expires, scopes and description.
Required scopes: in addition the scopes listed above, the scopes property must be satisfied by the caller’s scopes. The client’s existing scopes are not considered.
APICallFailurepublic CallSummary<EmptyPayload,EmptyPayload> removeClient(String clientId) throws APICallFailure
Delete a client with given clientId.
APICallFailurepublic CallSummary<EmptyPayload,GetClientResponse> resetCredentials(String clientId) throws APICallFailure
Reset credentials for a client. This will generate a new accessToken. As always, the accessToken will be generated server-side and returned.
See http://docs.taskcluster.net/auth/api-docs/#resetCredentials
APICallFailurepublic CallSummary<EmptyPayload,ListClientsResponse[]> listClients() throws APICallFailure
Return a list of all clients, not including their access tokens.
APICallFailurepublic CallSummary<EmptyPayload,AzureSharedAccessSignatureResponse> azureTableSAS(String account, String table) throws APICallFailure
Get a shared access signature (SAS) string for use with a specific Azure Table Storage table. Note, this will create the table, if it doesn’t already exist.
See http://docs.taskcluster.net/auth/api-docs/#azureTableSAS
APICallFailurepublic CallSummary<EmptyPayload,AWSS3CredentialsResponse> awsS3Credentials(String level, String bucket, String prefix) throws APICallFailure
Get temporary AWS credentials for read-write or read-only access to a given bucket and prefix within that bucket. The level parameter can be read-write or read-only and determines which type of credentials are returned. Please note that the level parameter is required in the scope guarding access.
The credentials are set to expire after an hour, but this behavior is subject to change. Hence, you should always read the expires property from the response, if you intend to maintain active credentials in your application.
Please note that your prefix may not start with slash /. Such a prefix is allowed on S3, but we forbid it here to discourage bad behavior.
Also note that if your prefix doesn’t end in a slash /, the STS credentials may allow access to unexpected keys, as S3 does not treat slashes specially. For example, a prefix of my-folder will allow access to my-folder/file.txt as expected, but also to my-folder.txt, which may not be intended.
See http://docs.taskcluster.net/auth/api-docs/#awsS3Credentials
APICallFailurepublic CallSummary<EmptyPayload,ExportedClients[]> exportClients() throws APICallFailure
Export all clients except the root client, as a JSON list. This list can be imported later using importClients.
See http://docs.taskcluster.net/auth/api-docs/#exportClients
APICallFailurepublic CallSummary<ExportedClients,ExportedClients[]> importClients(ExportedClients payload) throws APICallFailure
Import client from JSON list, overwriting any clients that already exists. Returns a list of all clients imported.
See http://docs.taskcluster.net/auth/api-docs/#importClients
APICallFailurepublic CallSummary<EmptyPayload,EmptyPayload> ping() throws APICallFailure
Documented later…
Warning this api end-point is not stable.
APICallFailureCopyright © 2014–2015 Mozilla. All rights reserved.