def deserialize_verbose(token=submitted_token):
# START 1 OMIT
import macaroons
# token = "MDAyNmxvY2F0aW9uIGh0dHA6Ly93d3cucHl0aG9uLm9yLmlkLwowMDIzaWRlbnRpZmllciBrb3BkYXJfbWVtYmVyc19vbmx5CjAwMmZzaWduYXR1cmUgPTBa1YP4kNcWeZ9bEeBLautN8R9XueRXQ5uHZ4eQFxAK"
# first, we attempt to rehydrate a valid macaroon instance from the string # // HL
try:
print('Token to be deserialized: %s' % token)
submitted_macaroon = macaroons.deserialize(token) # // HL
# we can check its details
print('submitted_macaroon.inspect():')
print(submitted_macaroon.inspect())
except macaroons.MacaroonError:
print('The token provided is not a valid macaroon: %s' % token)
except:
print 'An unknown error occurred while deserializing the token'
#!/usr/bin/env python
import macaroons
from datetime import datetime, timedelta
client_token = 'MDAyNmxvY2F0aW9uIGh0dHA6Ly93d3cucHl0aG9uLm9yLmlkLwowMDIzaWRlbnRpZmllciBrb3BkYXJfbWVtYmVyc19vbmx5CjAwMTdjaWQgdXNlcmlkPXNoaXJrZXkKMDAyZnNpZ25hdHVyZSA9JIzWgSX2dH5F1eGGsPnNPg0axz7mkh6AnRByzR5/uAo='
# START 1 OMIT
# user can take the original token provided by the web service,
# and apply additional constraints to it
client_macaroon = macaroons.deserialize(client_token) # // HL
timeout = datetime.now().date() # // HL
new_macaroon = client_macaroon.add_first_party_caveat('date=%s' % timeout) # // HL
print 'newly constrained macaroon:\n', new_macaroon.inspect()
# this new token can now be delegated to another user for limited against the service
delegation_token = new_macaroon.serialize()
# END 1 OMIT
def deserialize(token=submitted_token):
import macaroons
return macaroons.deserialize(token)
def verify_token(token, secret=test_secret):
m = macaroons.deserialize(token)
v = macaroons.Verifier()
v.satisfy_general(check_time)
return v.verify(m, secret)
#!/usr/bin/env python
import macaroons
from create_the_token import get_secret
from datetime import datetime, timedelta
client_token = 'MDAyNmxvY2F0aW9uIGh0dHA6Ly93d3cucHl0aG9uLm9yLmlkLwowMDIzaWRlbnRpZmllciBrb3BkYXJfbWVtYmVyc19vbmx5CjAwMTdjaWQgdXNlcmlkPXNoaXJrZXkKMDAyZnNpZ25hdHVyZSA9JIzWgSX2dH5F1eGGsPnNPg0axz7mkh6AnRByzR5/uAo='
# user can take the original token provided by the web service,
# and apply additional constraints to it
client_macaroon = macaroons.deserialize(client_token) # // HL
timeout = datetime.now().date() # // HL
new_macaroon = client_macaroon.add_first_party_caveat('date=%s' % timeout) # // HL
print 'newly constrained macaroon:\n', new_macaroon.inspect()
# this new token can now be delegated to another user for limited against the service
delegation_token = new_macaroon.serialize()
path='shirkey'
# START 1 OMIT
# servis_kopdar obtains token from third party (not original client)
print delegation_token
asserting_macaroon = macaroons.deserialize(delegation_token)
print 'Asserting macaroon: \n', asserting_macaroon.inspect()
# the web service must support constraint checking for the specified caveat
# so let's add a check for this constraint
def get_access_to_user_resource_path(user_macaroon, resource_path):
# first, we establish our Verifier as before
v = macaroons.Verifier()
v.satisfy_exact('userid=%s' % resource_path)
v.satisfy_exact('date=%s' % datetime.now().date()) # // HL
return v.verify(user_macaroon, get_secret())
