Loading

TOKENGEN

Extension: io.warp10.script.ext.token.TokenWarpScriptExtension

extensions platform
Configuration parameters

Generates a token given a map of parameters. The TOKENGEN function outputs a map.

The input parameter map contains the following entries:

KeyTypeDescription
idSTRINGOptional identifier that will be put verbatim in the result map
typeSTRINGREAD or WRITE depending on the type of token to generate
ownerSTRINGUUID of the owner associated with the token
producerSTRINGUUID of the producer associated with the token
applicationSTRINGName of application associated with the token
issuanceLONGIssuance timestamp of the token, in milliseconds since the Unix Epoch
expiryLONGExpiry timestamp of the token, in milliseconds since the Unix Epoch
ttlLONGIf expiry is not specified, a time to live can be set with this key. The TTL is expressed in milliseconds, the computed expiry timestamp will be the issuance timestamp plus the ttl
labelsMAPMap of labels which will be added to the pushed Geo Time Series™ int the case of a WRITE token, or map of label selectors which will be added to the selection criteria for a READ token
attributesMAPMap of attributes attached to the token

When generating a READ token, the following parameters are needed to ensure data isolation:

KeyTypeDescription
ownersLISTList of owners the READ token can access, they will be added to the selection criteria
producersLISTList of producers the READ token can access, they will be added to the selection criteria
applicationsLISTList of applications the READ token can access, they will be added to the selection criteria

If one of these parameter key is not set or set to an empty list, then the generated READ token will be granted access to all the scope associated with the parameter key. For example, if owners is not set, data from all owners will be accessible to this token.

The TOKENGEN function outputs a map with the following keys:

KeyTypeDescription
tokenSTRINGGenerated token
identLONGTokenIdent associated with token, can be used in a TRL
idSTRINGOptional identifier if the id key was specified in the parameter map

Note that the TOKENGEN function can only be called using the Worf tool if the token.secret configuration was not set.

Since 2.7.3, Siphash and AES key can be specified to create the token.

TOKENGEN is available since version 2.0.0.

See also

Signatures