Bases: object
Fast Revocation Checking Tree Structure
The Tree is an index to quickly match tokens against events. Each node is a hashtable of key=value combinations from revocation events. The
Updates the tree based on a revocation event.
Creates any necessary internal nodes in the tree corresponding to the fields of the revocation event. The leaf node will always be set to the latest ‘issued_before’ for events that are otherwise identical.
Param: | Event to add to the tree |
---|---|
Returns: | the event that was passed in. |
Check if a token matches the revocation event
Compare the values for each level of the tree with the values from the token, accounting for attributes that have alternative keys, and for wildcard matches. if there is a match, continue down the tree. if there is no match, exit early.
token_data is a map based on a flattened view of token. The required fields are:
‘expires_at’,’user_id’, ‘project_id’, ‘identity_domain_id’, ‘assignment_domain_id’, ‘trust_id’, ‘trustor_id’, ‘trustee_id’ ‘consumer_id’, ‘access_token_id’
Update the tree based on the removal of a Revocation Event
Removes empty nodes from the tree from the leaf back to the root.
If multiple events trace the same path, but have different ‘issued_before’ values, only the last is ever stored in the tree. So only an exact match on ‘issued_before’ ever triggers a removal
Param: | Event to remove from the tree |
---|
Unified in-memory token model.