Skip to main content

Forges

Prerequisites

  • A Biscuit KeyPair

  • A datalog :

    • An array of biscuit Facts (could be empty)
    • An array of biscuit Checks (could be empty)
    • An array of biscuit Resources (could be empty)
    • An array of biscuit Rules (could be empty)

Entity Configuration

{
  "id": "biscuit-forge_5e704d23-3d25-47ec-ad53-54aebbd6121e",
  "name": "New biscuit forge",
  "description": "New biscuit forge",
  "metadata": {},
  "keypair_ref": "",
  "config": {
    "checks": [],
    "facts": [],
    "resources": [],
    "rules": [],
    "enable_ttl": true, // Boolean
    "ttl": 3600000 // Applied if enable_ttl is true
  },
  "tags": [],
  "remote_facts_ref": null
}

Demo

Firstly, let's create a new KeyPair.

If you follow the guide to create a Keypair entity we will reuse the same entity with ID biscuit-keypair_dev_d25612c6-b4d0-43ed-a711-16b6c09a5155.

If you didn't create a keypair let's create one :

curl -X POST \
  -H 'Content-Type: application/json' \
  -H 'Otoroshi-Client-Id: admin-api-apikey-id' \
  -H 'Otoroshi-Client-Secret: admin-api-apikey-secret' \
  "http://otoroshi-api.oto.tools:8080/apis/biscuit.extensions.cloud-apim.com/v1/biscuit-keypairs" \
  -d '{
  "id" : "biscuit-keypair_dev_d25612c6-b4d0-43ed-a711-16b6c09a5155",
  "name" : "New Biscuit Key Pair",
  "description" : "New biscuit KeyPair",
  "metadata" : { },
  "is_public": false,
  "pubKey" : "771F9E7FE62784502FE34CE862220586D3DB637D6A5ABAD254F7330369D3B357",
  "privKey" : "4379BE5B9AFA1A84F59D2417C20020EF1E47E0805945535B45616209D8867E50",
  "tags" : [ ]
}'

Then, we can create our new Forge entity.

The forge will use our keypair entity biscuit-keypair_dev_d25612c6-b4d0-43ed-a711-16b6c09a5155 as a reference in order to get the Public and the Private keys to generate new Eclipse Biscuit tokens.

curl -X POST \
  -H 'Content-Type: application/json' \
  -H 'Otoroshi-Client-Id: admin-api-apikey-id' \
  -H 'Otoroshi-Client-Secret: admin-api-apikey-secret' \
  "http://otoroshi-api.oto.tools:8080/apis/biscuit.extensions.cloud-apim.com/v1/biscuit-forges" \
  -d '{
    "id": "biscuit-forge_dev_5e704d23-3d25-47ec-ad53-54aebbd6121e",
    "name": "New biscuit forge",
    "description": "New biscuit forge",
    "metadata": {},
    "keypair_ref": "biscuit-keypair_dev_d25612c6-b4d0-43ed-a711-16b6c09a5155",
    "config": {
      "checks": [
        "check if operation(\"read\")"
      ],
      "facts": [
        "user(\"1234\")"
      ],
      "resources": [],
      "rules": [],
      "enable_ttl": false,
      "ttl": 3600000
    },
    "tags": [],
    "remote_facts_ref": null
}'

To generate our tokens we need to call our Otoroshi API endpoint as following :

curl -X POST \
  -H 'Content-Type: application/json' \
  -H 'Otoroshi-Client-Id: admin-api-apikey-id' \
  -H 'Otoroshi-Client-Secret: admin-api-apikey-secret' \
  "http://otoroshi-api.oto.tools:8080/api/extensions/biscuit/biscuit-forges/biscuit-forge_dev_5e704d23-3d25-47ec-ad53-54aebbd6121e/_generate"

Result :

{
  "token": "Eo0BCiMKBDEyMzQYAyIJCgcIChIDGIAIMg4KDAoCCBsSBggDEgIYABIkCAASIPCKFpXk1RhZiJoXZ0BHvsic65rH5MDSWZJt-8Rn1_XBGkDGK2CcUBcIdt7p3XmDCAEvYrFpB8w6nVPYz9vYFLUQ8M1wTSNaoP7M1UdD5S6AkA0ZJAaVkWsUHdcOgwNpiPwMIiIKIMHFnoE_nPPkAxIDCZ102kwX3z3SoXHp2xQCKik_38Fd"
}

Congratulations ! You've created your first tokens forge and you will be able to reuse it as many times as you need.