This directory contains an implementation of a service that generates and validates various tokens used in LUCI authentication protocol.
In particular, this service implements so called “machine tokens” used for authenticating Swarming bots:
luci_machine_tokend executable periodically runs and uses the private key and certificate when calling
MintMachineToken gRPC method of the token server.
api: gRPC protocol definition and autogenerated Go code.
appengine: server implementation (runs on Standard GAE).
auth/machine: implementation of the token checking logic that can be used by backends that want to use machine tokens. Swarming service uses same logic (implemented in Python).
client: library that wraps
TokenMinter gRPC API into a usable form. It implements logic for reading and using TLS certificate and private keys.
cmd/luci_machine_tokend: executable deployed on all bots. It knows how to generate machine tokens given a TLS certificate and private key.
testing: local integration test that checks interaction of
luci_machine_tokend with the server (and some other things, such as certificate revocation list updates).