SciTokens C++ Library Documentation

SciTokens provide a token format for distributed authorization. The tokens are self-describing, can be verified in a distributed fashion (no need to contact the issuer to determine if the token is valid). This is convenient for a federated environment where several otherwise-independent storage endpoints want to delegate trust for an issuer for managing a storage allocation.

The SciTokens C++ library implements a minimal library for creating and using SciTokens from C or C++.

Contents:

• Installation
  • Dependencies
  • Building from Source
  • Installation
  • Package Installation
  • Testing the Installation
• API Reference
  • SciTokenKey
  • SciToken
  • Validator
  • Enforcer
  • SciTokenStatus
  • Configuration
  • StringValidatorFunction
  • Acl
  • SciTokenProfile
  • _profile
  • scitoken_key_create()
  • scitoken_key_destroy()
  • scitoken_create()
  • scitoken_destroy()
  • scitoken_set_claim_string()
  • scitoken_get_claim_string()
  • scitoken_get_claim_string_list()
  • scitoken_free_string_list()
  • scitoken_set_claim_string_list()
  • scitoken_get_expiration()
  • scitoken_set_lifetime()
  • scitoken_serialize()
  • scitoken_set_serialize_profile()
  • scitoken_set_serialize_mode()
  • scitoken_set_deserialize_profile()
  • scitoken_deserialize()
  • scitoken_deserialize_start()
  • scitoken_deserialize_continue()
  • scitoken_deserialize_v2()
  • scitoken_store_public_ec_key()
  • validator_create()
  • validator_set_token_profile()
  • validator_set_time()
  • validator_add()
  • validator_add_critical_claims()
  • validator_validate()
  • validator_destroy()
  • enforcer_create()
  • enforcer_destroy()
  • enforcer_set_validate_profile()
  • enforcer_set_time()
  • enforcer_generate_acls()
  • enforcer_generate_acls_start()
  • enforcer_generate_acls_continue()
  • enforcer_acl_free()
  • enforcer_test()
  • scitoken_status_free()
  • scitoken_status_get_timeout_val()
  • scitoken_status_get_read_fd_set()
  • scitoken_status_get_write_fd_set()
  • scitoken_status_get_exc_fd_set()
  • scitoken_status_get_max_fd()
  • keycache_refresh_jwks()
  • keycache_get_cached_jwks()
  • keycache_set_jwks()
  • keycache_set_background_refresh()
  • keycache_stop_background_refresh()
  • keycache_load_jwks()
  • keycache_get_jwks_metadata()
  • keycache_delete_jwks()
  • config_set_int()
  • scitoken_config_set_int()
  • config_get_int()
  • scitoken_config_get_int()
  • scitoken_config_set_str()
  • scitoken_config_get_str()
  • scitoken_get_monitoring_json()
  • scitoken_reset_monitoring_stats()
  • Acl_s
• Examples
  • Simple Token Creation
  • Creating and Signing a Token
  • Token Validation with Enforcer
  • Complete Example: Create, Sign, and Validate

Quick Start

This library provides both C and C++ APIs for working with SciTokens. The primary interface is through the C API defined in scitokens.h.

Key Features:

• Create and sign SciTokens

• Validate and verify SciTokens

• Generate Access Control Lists (ACLs) from tokens

• Support for multiple token profiles (SciTokens 1.0/2.0, WLCG, AT+JWT)

• Asynchronous token operations

Indices and tables

• Index

• Module Index

• Search Page