A better kind of cookie.
Macaroons are a bearer credential format built around "caveats", i.e. conditions that must hold for a particular credential to be authorized. Using neat crypto tricks, anyone holding a Macaroon can add more caveats to a Macaroon, but once caveats are added they cannot be removed.
Is it any good?
Is it "Production Ready™"?
The library is ready for eager early adopters. If you're using Rust, you're probably one of those anyway.
The following features have been implemented:
- Creating Macaroons
- Verifying Macaroons
- First-party caveats
- Third-party caveats
- Serializing to base64url-encoded binary format
- Deserializing base64url-encoded Macaroons
- Verifying first-party caveats
The following features still need to be implemented:
- Discharge macaroons
- Verifying third-party caveats
Additional planned work:
- Nom-based parser (may require API changes)
V2 Format Support
A specification for a new, more compact "V2" format has been published.
This library has begun to implement it. In the process, the API is changing so that it can support both the old and new formats.
Pardon our dust.
Help and Discussion
Interested in Macaroons? Join the Macaroons Google Group:
You can also join by email by sending an email message here:
We're also on IRC at #macaroons on irc.freenode.net.
Copyright (c) 2015-2016 Tony Arcieri. Distributed under the MIT License. See LICENSE.txt for further details.