An application configuration to supply custom settings for issued cookies, such as security settings, expiration, domain, etc.
Requires a CookieSigner to sign the tokens.
Removes any issued AuthenticityToken or SignedToken from a Result
.
Removes any issued AuthenticityToken or SignedToken from a Result
.
The Result
to remove all issued tokens from.
A new Result
without any issued tokens.
Attempts to extract an AuthenticityToken from a RequestHeader
.
Attempts to extract an AuthenticityToken from a RequestHeader
.
The RequestHeader
to extract the token from.
An AuthenticityToken if the request contains a token with a valid signature. Otherwise, None
.
Puts an AuthenticityToken into a Result
to return to a user.
Puts an AuthenticityToken into a Result
to return to a user.
The AuthenticityToken to be issued to a user.
A Result
containing a SignedToken or AuthenticityToken.
Signs an AuthenticityToken and concatenates it with its signature.
Signs an AuthenticityToken and concatenates it with its signature. ("$${signature}$${token}") The resulting SignedToken is meant to be issued to a user (e.g., within a cookie).
The AuthenticityToken to sign.
The signature of the AuthenticityToken concatenated with the token itself.
Requires a CookieSigner to sign the tokens.
Requires a CookieSigner to sign the tokens.
Verifies that a SignedToken token is valid by comparing the stored signature in the SignedToken to the signature of the raw AuthenticityToken that is part of the SignedToken.
Verifies that a SignedToken token is valid by comparing the stored signature in the SignedToken to the signature of the raw AuthenticityToken that is part of the SignedToken. In order for any SignedToken to be valid, it must be issued via the TokenAccessor#sign method.
The SignedToken to validate.
The contained AuthenticityToken if the signature is valid, otherwise None
.
A TokenAccessor that stores SignedTokens within cookies.