|
|
|
@ -29,9 +29,9 @@ Specified caveats:
|
|
|
|
|
+-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+
|
|
|
|
|
| user_id | ID of the user for which this macaroon is valid. | Pure equality check. Operator must be =. |
|
|
|
|
|
+-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+
|
|
|
|
|
| type | The purpose of this macaroon. | access - used to authorize any action except token refresh |
|
|
|
|
|
| | | refresh - only used to authorize a token refresh |
|
|
|
|
|
| | | login - issued as a very short-lived token by third party login flows; proves that |
|
|
|
|
|
| type | The purpose of this macaroon. | - ``access``: used to authorize any action except token refresh |
|
|
|
|
|
| | | - ``refresh``: only used to authorize a token refresh |
|
|
|
|
|
| | | - ``login``: issued as a very short-lived token by third party login flows; proves that |
|
|
|
|
|
| | | authentication has happened but doesn't grant any privileges other than being able to be |
|
|
|
|
|
| | | exchanged for other tokens. |
|
|
|
|
|
+-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+
|
|
|
|
|