diff --git a/drafts/macaroons_caveats.rst b/drafts/macaroons_caveats.rst index 11e36e59..de5973fa 100644 --- a/drafts/macaroons_caveats.rst +++ b/drafts/macaroons_caveats.rst @@ -29,11 +29,11 @@ Specified caveats: +-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+ | user_id | ID of the user for which this macaroon is valid. | Pure equality check. Operator must be =. | +-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+ -| type | The purpose of this macaroon. | access - used to authorize any action except token refresh | -| | | refresh - only used to authorize a token refresh | -| | | login - issued as a very short-lived token by third party login flows; proves that | -| | | authentication has happened but doesn't grant any privileges other than being able to be | -| | | exchanged for other tokens. | +| type | The purpose of this macaroon. | - ``access``: used to authorize any action except token refresh | +| | | - ``refresh``: only used to authorize a token refresh | +| | | - ``login``: issued as a very short-lived token by third party login flows; proves that | +| | | authentication has happened but doesn't grant any privileges other than being able to be | +| | | exchanged for other tokens. | +-------------+--------------------------------------------------+------------------------------------------------------------------------------------------------+ | time | Time before/after which this macaroon is valid. | A POSIX timestamp in milliseconds (in UTC). | | | | Operator < means the macaroon is valid before the timestamp, as interpreted by the server. |