An environment in which authentication is performed.
It is expected that you will have a singleton instance of this class for your entire app/service. The default method in the companion object creates an instance with some reasonable defaults and caching.
It is not strictly necessary to use this class, but certain classes such as EncryptedCodec and SignedCodec have convenient instantiation methods that take an authentication environment.
The environment can also be set up for asymmetric signing and verification. To set it up for asymmetric signing, set the signing key. For asymmetric verification, set the verify key. Both can be set if the library user needs to perform both functions.
the context wrapping most of the results of the environment. For example, F is usually AuthResult, which means that an F[A] is either an AuthFailure or a successful A.
An error encountered during authentication.
The SafeHolder utility provides safe reuse of objects that cannot be shared between threads (not thread-safe), like many Java crypto objects, e.g. Cipher.
An HMAC-based implementation of Signer that caches Mac instances to reduce the overhead of initialization.
Caching a per-key Mac instead of just a thread-local Mac would remove the need to initialize the mac on each signature, but benchmarks show that it doesn't make a significant performance difference.
A Signer computes a signature (such as a checksum) of data.
The context in which results are wrapped. This allows a Signer to return a possible failure via Option, a disjunction, etc.
A TokenAuthenticator can authenticate with a provided encoded token and can serialize a decoded token.
the form of the serialized token (for example String for tokens that are base-64-encoded).
the result of successful authentication (for example an AuthToken or User model).
The serialization version of a token.
While the major/minor/micro versions are represented as Int at runtime, note that the serializer treats them as unsigned integers, so their range is 0 to 255.
We must increment major whenever there are incompatible structural changes on the part of the core library:
Set of cipher functions for Web Service Key (WSK-based) authentication exposed through instances of Encryptor and Decryptor.
CBC mode is used with a dynamic initialization vector.
There is a large performance improvement with caching a cipher per-thread and reusing it instead of creating new cipher instances.