The Token Manager¶
This section describes the interactions with the token manager. This server allows Vector to prevent just any application from connecting to it. Instead, Vector requires proof that the application "knows" the user's account name and password. That proof takes the form of a token given to both Vector and the application after the application has authenticated with the token manager.
The commands include:
- Primary user management: associating a user or client, refreshing the association, and removing the association
- Revoking tokens; listing the revoked tokens
- Revoking a factory certificate
Common Elements¶
The enumerations and structures in this section are common to many commands.
Structures¶
StsToken¶
The StsToken structure has the following fields:
Table: Parameters for the STS token structure
Field | Type | Description |
---|---|---|
access_key_id | ||
expiration | ||
secret_access_key | ||
session_token | | The token from the security token service for the session. |
TokenBundle¶
The TokenBundle structure has the following fields:
Table: Parameters for the token bundle structure
Field | Type | Description |
---|---|---|
client_token | ||
sts_token | | The token from the security token service |
token | ||
TokenPage¶
The TokenPage structure has the following fields:
Table: Parameters for the token page structure
Field | Type | Description |
---|---|---|
done | ||
last_key | ||
tokens | ???[] | |
Commands and Responses¶
Associate Primary User¶
This command is used to TBD? See also the disassociate primary user and reassociate primary user commands.
Request¶
The AssociatePrimaryUserRequest request message has the following fields:
Table: Parameters for the associate primary user request
Field | Type | Description |
---|---|---|
app_id | ||
client_name | ||
expiration_minutes | ||
generate_sts_token | ||
revoke_client_tokens | ||
session_certificate | ||
skip_client_token | ||
Response¶
The AssociatePrimaryUserResponse response message has the following fields:
Table: Parameters for the associate primary user response
Field | Type | Description |
---|---|---|
data | ||
Associate Secondary Client¶
This command is used to TBD?
Request¶
The AssociateSecondaryClientRequest request message has the following fields:
Table: Parameters for the associate secondary client request
Field | Type | Description |
---|---|---|
app_id | ||
client_name | ||
user_session | ||
Response¶
The AssociateSecondaryClientResponse response message has the following fields:
Table: Parameters for the associate secondary client response
Field | Type | Description |
---|---|---|
data | ||
Disassociate Primary User¶
This command is used to TBD? See also the associate primary user and reassociate primary user commands.
Request¶
The DisassociatePrimaryUserRequest request message has no fields.
Response¶
The DisassociatePrimaryUserResponse response message has no fields.
List Revoked Tokens¶
This command is used to TBD?
Request¶
The ListRevokedTokensRequest request message has the following fields:
Table: Parameters for the list revoked tokens request
Field | Type | Description |
---|---|---|
previous_key | ||
Response¶
The ListRevokedTokensResponse response message has the following fields:
Table: Parameters for the list revoked tokens response
Field | Type | Description |
---|---|---|
data | ||
Reassociate Primary User¶
This command is used to TBD? See also the associate primary user and disassociate primary user commands.
Request¶
The ReassociatePrimaryUserRequest request message has the following fields:
Table: Parameters for the reassociate primary user request
Field | Type | Description |
---|---|---|
app_id | ||
client_name | ||
expiration_minutes | ||
generate_sts_token | ||
skip_client_token | ||
Response¶
The ReassociatePrimaryUserResponse response message has the following fields:
Table: Parameters for the reassociate primary user response
Field | Type | Description |
---|---|---|
data | ||
Refreshing a Token¶
This command is used to TBD?
Request¶
The RefreshTokenRequest request message has the following fields:
Table: Parameters for the refresh token request
Field | Type | Description |
---|---|---|
expiration_minutes | ||
refresh_jwt_tokens | ||
refresh_sts_tokens | ||
Response¶
The RefreshTokenResponse response message has the following fields:
Field | Type | Description |
---|---|---|
data | ||
Revoking a Factory Certificate¶
This command is used to TBD?
Request¶
The RevokeFactoryCertificateRequest request message has the following fields:
Table: Parameters for the revoke factory certificate request
Field | Type | Description |
---|---|---|
certificate_id | ||
Response¶
The RevokeFactoryCertificateResponse response message has no fields.
Revoking a Token¶
This command is used to TBD?
Request¶
The RevokeTokensRequest request message has the following fields:
Table: Parameters for the revoke tokens request
Field | Type | Description |
---|---|---|
key | ||
search_by_index | ||
Response¶
The RevokeTokensResponse response message has the following fields:
Table: Parameters for the revoke tokens response
Field | Type | Description |
---|---|---|
tokens_revoked | [] | A list of the tokens that have been revoked. |