using System.Collections.Generic;
namespace OwinFramework.InterfacesV1.Facilities
{
///
/// Defines the possible results of trying to use a token for a specific purpose
///
public enum TokenStatus
{
///
/// This token is allowed to be used for the specified purpose
///
Allowed = 1,
///
/// This token is not allowed to be used for the specified
/// purpose at this time but it could be valid in the future
/// for this purpose or for another purposes.
/// When this status is returned it could be that the token has expired,
/// been used too many times, has been used too frequently, or
/// it was not created for this purpose
///
NotAllowed = 2,
///
/// This token is no longer valid and any future attempts to check
/// the status of this token will also result in this same status result.
///
Invalid = 3
}
///
/// An object of this type is returned by the token facility
///
public interface IToken
{
///
/// The URL friendly unique identifier for this token
///
string Value { get; }
///
/// The current status of the token for the requested purpose
///
TokenStatus Status { get; }
///
/// An optional identity associated with the token
///
string Identity { get; }
///
/// The purpose for which this token was checked
///
string Purpose { get; }
}
///
/// Defines a token management facility. Any middleware that needs to use
/// tokens can add a dependency on this interface. The application developer
/// must implement this interface or include a package in thier application
/// that provides it.
///
/// Example usage:
/// The user forgot their password and requested a password reset email.
/// The email needs to contain a url that the user can click that brings
/// the user to a page where they can reset their password. The url needs
/// to be opaque (ie no user id in plain text). This url should
/// only be valid for a specific user, should only work once, and
/// should only be valid for a limited time. This can be achieved by creating
/// a token whose types is configured for single use with validity period and
/// contains the user's identity.
///
public interface ITokenStore
{
///
/// Creates a URL friendly token of the specified type and with a list of
/// allowed purposes.
///
/// The application can define whatever token types
/// make sense to the application. It is expected that implementations of
/// this facility will allow configuration of token types with things
/// like period of validity, number of times they can be used etc.
/// Optional list of purposes that this token is
/// valid for. For example an application can create a token that
/// represents a user but can only be used for viewing certain kinds
/// of data and can not change anything.
/// Optional identity associated with the token. This
/// can be thought of as a user id except that it's not always a user, it
/// could just as easily be a service, machine etc.
/// A unique short string containing none of the url reserved characters
string CreateToken(string tokenType, IEnumerable purpose = null, string identity = null);
///
/// Creates a URL friendly token of the specified type and a specific purpose
///
/// The application can define whatever token types
/// make sense to the application. It is expected that implementations of
/// this facility will allow configuration of token types with things
/// like period of validity, number of times they can be used etc.
/// The only purpose that is allowed with this token
/// Optional identity associated with the token. This
/// can be thought of as a user id except that it's not always a user, it
/// could just as easily be a service, machine etc.
/// A unique short string containing with none of the url reserved characters
string CreateToken(string tokenType, string purpose, string identity = null);
///
/// Deletes a token making it invalid. This is how you would invalidate an
/// authentication token when a user logs out
///
/// A token that was returned by one of the CreateToken overrides
/// True if the token was deleted and False if the token did not exist
bool DeleteToken(string token);
///
/// Checks if a token is valid for the specified purpose. The token will be invalid
/// if the token has expired or been used too many times etc. The token will only
/// be valid if the purpose passed to this method is one of the purposes that was
/// passed when the token was created.
///
/// The application can define whatever token types
/// make sense to the application. It is expected that implementations of
/// this facility will allow configuration of token types with things
/// like period of validity, number of times they can be used etc.
/// A token that was returned by one of the CreateToken overrides
/// The purpose that this token is being used for
/// An optional identity. If you pass this then the token
/// store will check that this is the identity associated with the token. If you
/// pass null then this check will be skipped
/// Information about the validity of this token for this purpose by this identity
IToken GetToken(string tokenType, string token, string purpose = null, string identity = null);
}
}