#include <IPersonalAccessTokenManager.h>
Inherits iser::ISerializable.
Inherited by imtauth::CPersonalAccessTokenManagerComp [virtual], and imtauthgql::CClientRequestPersonalAccessTokenManagerComp [virtual].
| virtual TokenCreationResult | CreateToken (const QByteArray &userId, const QString &name, const QString &description, const QByteArrayList &scopes, const QDateTime &expiresAt)=0 |
| virtual bool | ValidateToken (const QByteArray &rawToken, QByteArray &userId, QByteArray &tokenId, QByteArrayList &scopes) const =0 |
| virtual QByteArrayList | GetTokenIds (const QByteArray &userId) const =0 |
| virtual IPersonalAccessTokenSharedPtr | GetToken (const QByteArray &tokenId) const =0 |
| virtual bool | RevokeToken (const QByteArray &tokenId)=0 |
| virtual bool | UpdateLastUsedAt (const QByteArray &tokenId)=0 |
| virtual bool | DeleteToken (const QByteArray &tokenId)=0 |
Interface for managing personal access tokens.
This interface provides operations for creating, validating, revoking, and managing personal access tokens (PATs) for API authentication. Tokens are generated from a cryptographically secure random source, and only their SHA-256 hashes are stored.
Implements IChangeable to notify observers when tokens are created, revoked, or deleted.
Definition at line 28 of file IPersonalAccessTokenManager.h.
◆ CreateToken()
virtual TokenCreationResult imtauth::IPersonalAccessTokenManager::CreateToken (const QByteArray &userId, const QString &name, const QString &description, const QByteArrayList &scopes, const QDateTime &expiresAt) [pure virtual]
Create a new personal access token.
Generates a cryptographically secure random token, hashes it with SHA-256, and stores it in the collection. The raw token value is returned only once and should be saved by the caller as it cannot be retrieved later.
- Parameters
| userId | User ID who owns the token |
| name | Human-readable name for the token |
| description | Description of the token's purpose |
| scopes | List of permission scopes to grant to this token |
| expiresAt | Optional expiration timestamp (invalid QDateTime for no expiration) |
- Returns
- TokenCreationResult containing the token ID and raw token value
◆ DeleteToken()
virtual bool imtauth::IPersonalAccessTokenManager::DeleteToken (const QByteArray &tokenId) [pure virtual]
Delete a personal access token.
Permanently removes the token from the collection. This operation cannot be undone. Consider using RevokeToken() instead for audit trail purposes.
- Parameters
| tokenId | Token ID to delete |
- Returns
- True if token was deleted successfully, false if token not found
◆ GetToken()
virtual IPersonalAccessTokenSharedPtr imtauth::IPersonalAccessTokenManager::GetToken (const QByteArray &tokenId) const [pure virtual]
Get token information by token ID.
Returns a copy of the token object with all metadata except the raw token value (which is never stored or retrievable).
- Parameters
| tokenId | Token ID to retrieve |
- Returns
- Shared pointer to token object, or nullptr if not found
◆ GetTokenIds()
virtual QByteArrayList imtauth::IPersonalAccessTokenManager::GetTokenIds (const QByteArray &userId) const [pure virtual]
Get list of token IDs for a specific user.
- Parameters
| userId | User ID to get tokens for |
- Returns
- List of token IDs owned by the user
◆ RevokeToken()
virtual bool imtauth::IPersonalAccessTokenManager::RevokeToken (const QByteArray &tokenId) [pure virtual]
Revoke a personal access token.
Marks the token as revoked, immediately invalidating it for authentication. The token remains in the collection for audit purposes but cannot be used.
- Parameters
| tokenId | Token ID to revoke |
- Returns
- True if token was revoked successfully, false if token not found
◆ UpdateLastUsedAt()
virtual bool imtauth::IPersonalAccessTokenManager::UpdateLastUsedAt (const QByteArray &tokenId) [pure virtual]
Update the last used timestamp for a token.
Records when the token was last successfully used for authentication. This information can be used for monitoring and security auditing.
- Parameters
| tokenId | Token ID to update |
- Returns
- True if timestamp was updated successfully, false if token not found
◆ ValidateToken()
virtual bool imtauth::IPersonalAccessTokenManager::ValidateToken (const QByteArray &rawToken, QByteArray &userId, QByteArray &tokenId, QByteArrayList &scopes) const [pure virtual]
Validate a personal access token.
Checks if the provided token is valid by comparing its hash against stored hashes. Validates that the token is not revoked and not expired. Uses constant-time comparison to prevent timing attacks.
- Parameters
| | rawToken | Plain text token value to validate |
| [out] | userId | User ID associated with the token (if valid) |
| [out] | tokenId | Token ID associated with the token (if valid) |
| [out] | scopes | Permission scopes granted to the token (if valid) |
- Returns
- True if token is valid, false if invalid, revoked, or expired
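
The checks that ValidateToken() describes, as an added sketch in standard C++ (not the project's implementation). It assumes the caller has already computed the SHA-256 digest of the raw token (in a Qt build, for instance with QCryptographicHash) and that records sit in an in-memory list; TokenRecord, ConstantTimeEquals, ValidateDigest, FillDigest and SampleStore are hypothetical names, and the sample data is constructed.

```cpp
#include <array>
#include <cstdint>
#include <ctime>
#include <string>
#include <vector>

using Digest = std::array<std::uint8_t, 32>;  // size of a SHA-256 hash
// Hypothetical stored record (assumption); holds the hash, never the raw token.
struct TokenRecord {
    std::string tokenId, userId;
    std::vector<std::string> scopes;
    Digest hash;
    bool revoked;
    std::time_t expiresAt;  // 0 means "no expiration" in this sketch
};

// No early exit: run time does not depend on how many leading bytes match.
bool ConstantTimeEquals(const Digest& a, const Digest& b) {
    unsigned diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i) diff |= static_cast<unsigned>(a[i] ^ b[i]);
    return diff == 0;
}

// presented = SHA-256 of the raw token. Outputs are written only on success.
bool ValidateDigest(const Digest& presented, const std::vector<TokenRecord>& store,
                    std::time_t now, std::string& userId, std::string& tokenId,
                    std::vector<std::string>& scopes) {
    const TokenRecord* match = nullptr;
    for (const TokenRecord& rec : store)  // scan every record, no break
        if (ConstantTimeEquals(presented, rec.hash)) match = &rec;
    if (!match || match->revoked) return false;
    if (match->expiresAt != 0 && now >= match->expiresAt) return false;
    userId = match->userId; tokenId = match->tokenId; scopes = match->scopes;
    return true;
}

// Constructed sample data: digests are filler bytes, not real SHA-256 values.
Digest FillDigest(std::uint8_t b) { Digest d; d.fill(b); return d; }
std::vector<TokenRecord> SampleStore() {
    return {{"t1", "alice", {"read"}, FillDigest(0x11), false, 0},
            {"t2", "alice", {"read", "write"}, FillDigest(0x22), true, 0},
            {"t3", "bob", {"read"}, FillDigest(0x33), false, 1000}};
}

int main() {  // exit code 0 when the active sample token validates
    std::string user, id;
    std::vector<std::string> scopes;
    return ValidateDigest(FillDigest(0x11), SampleStore(), 500, user, id, scopes) ? 0 : 1;
}
```

A revoked record (t2) and an expired one (t3 at or after time 1000) are rejected even though their digests match, and the output parameters stay untouched on every rejection.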