This directory contains an implementation of a service that generates and validates various tokens used in the LUCI authentication protocol.
In particular, this service implements so-called “machine tokens” used for authenticating Swarming bots:
- The luci_machine_tokend executable periodically runs and uses the private key and certificate when calling the MintMachineToken gRPC method of the token server.
- X-Luci-Machine-Token header).

- api: gRPC protocol definition and autogenerated Go code.
- appengine: server implementation (runs on Standard GAE).
- auth/machine: implementation of the token checking logic that can be used by backends that want to use machine tokens. The Swarming service uses the same logic (implemented in Python).
- client: library that wraps the TokenMinter gRPC API into a usable form. It implements logic for reading and using TLS certificates and private keys.
- cmd/luci_machine_tokend: executable deployed on all bots. It knows how to generate machine tokens given a TLS certificate and private key.
- testing: local integration test that checks the interaction of luci_machine_tokend with the server (and some other things, such as certificate revocation list updates).