# Cassette

Library to generate and validate [CAS]( TGTs/STs

[![Build Status](](

## Installation

The package can be installed as:

  1. Add cassette to your list of dependencies in `mix.exs`:

        def deps do
          [{:cassette, "~> 1.1"}]

  2. Ensure cassette is started before your application:

        def application do
          [applications: [:cassette]]

## Usage with the default configuration

The module `Cassette` includes the functions to generate TGTs and STs

This will use the default configuration (in mix.config), please refer to `Cassete.Config` struct for the available keys (including expiration times).

config :cassette, username: "example-user"
config :cassette, password: "topsecret"
config :cassette, base_url: ""
config :cassette, base_authority: "EXAMPLE"
config :cassette, service: ""

`base_authority` helps on role validation and `service` is the default value used by `Cassette.validate/2`

This default configuration is returned by the `Cassette.Config.default` function.

Any of those values may be configured with a tuple, so configuration can be loaded using environment variables:

config :cassette, password: {:system, "SOME_ENVIRONMENT_VARIABLE"}

A round trip validation would look like this:

    $ iex -S mix

    iex> {:ok, tgt} = Cassette.tgt
    {:ok, "TGT-11692539-ZIvKZ6TlGUBX5DBgR6egYnVvJeHyJpM2oxApxlsIYEaX2dUd9x"}

    iex> {:ok, st} =
    {:ok, "ST-16175889-oqcTdH041YZeeLcQtYCL"}

    iex> Cassette.validate(st, Cassette.Config.default.service)
    {:ok, %Cassette.User{login: "sampleuser", authorities: ["ACME_ADMIN"...]}}

You are not required to call `Cassette.tgt`, it will be generated (or re-generated in case of expiration) when creating a ST.

## Multiple configurations

If you want to use multiple cas services you can create your own module and `use` the `Cassette.Support` macro module, you can define the `GenServer` name and/or provide a configuration.

defmodule MyCas do
  use Cassette.Support, process_name: :MyCasServer, config: %Cassette.Config{...}

This other Cas service must be started as well with `MyCas.start` before it can be used or it may be added to your supervision tree:

defmodule YourApp do
  def start(_type, _args) do
    import Supervisor.Spec, warn: false

    children = [
      # some other apps,

    opts = [strategy: :one_for_one, name: MyApp.Supervisor]
    Supervisor.started(children, opts)

## Using self signed servers

If you really really want to use insecure/self-signed certificates, use a `Cassette.Config` struct with `insecure` set to true.
You can also define in your `mix/config.exs` like:

use Mix.Config

config :cassette, :insecure, true

## Contributing

Check out [Contributing]( guide.