interface NonceManager
Represents a nonce manager. Its responsibility is to produce nonce values and to verify that nonce values received from untrusted sources were issued by this manager. This is usually required in a web environment to mitigate CSRF attacks. Depending on its underlying implementation, it can be stateful or stateless. Note that nonce values usually have a timeout to reduce memory usage and to avoid replay attacks. Nonce length is unspecified.
abstract suspend fun newNonce(): String
Generate new nonce instance
abstract suspend fun verifyNonce(nonce: String): Boolean
Verify nonce value
object
Stub implementation that always fails. It will be removed, so no public signatures should rely on it.
object GenerateOnlyNonceManager : NonceManager
This implementation only generates nonce values and does not validate them. It is recommended for testing only.
class StatelessHmacNonceManager : NonceManager
Stateless nonce manager implementation with HMAC verification and timeout. Every nonce provided by this manager consists of a random part, a timestamp and an HMAC.
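The following sketch is an added example, not the library's own code: it shows how a stateless manager can build a nonce from a random part, a timestamp and an HMAC, then verify it without server-side storage. The class name SketchHmacNonceManager, the "+"-separated hex layout, HMAC-SHA256, the injectable clock and the demo key are assumptions of this sketch; the interface is redeclared from the signatures above so the block compiles on its own.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Redeclared from the signatures on this page so the block is self-contained.
interface NonceManager {
    suspend fun newNonce(): String
    suspend fun verifyNonce(nonce: String): Boolean
}

// Hypothetical class; the "random+timestamp+mac" hex layout is an assumption of this sketch.
class SketchHmacNonceManager(
    key: ByteArray,
    private val timeoutMillis: Long = 60_000,
    private val clock: () -> Long = System::currentTimeMillis
) : NonceManager {
    private val keySpec = SecretKeySpec(key, "HmacSHA256")
    private val random = SecureRandom()

    private fun hex(bytes: ByteArray) = bytes.joinToString("") { "%02x".format(it) }
    private fun mac(data: String): String =
        hex(Mac.getInstance("HmacSHA256").apply { init(keySpec) }.doFinal(data.toByteArray()))

    override suspend fun newNonce(): String {
        val rnd = hex(ByteArray(16).also(random::nextBytes))
        val ts = clock().toString(16)
        return "$rnd+$ts+${mac("$rnd:$ts")}"
    }

    override suspend fun verifyNonce(nonce: String): Boolean {
        val parts = nonce.split('+').takeIf { it.size == 3 } ?: return false
        val (rnd, ts, tag) = parts
        // Authenticate first, in constant time, before trusting the timestamp field.
        if (!MessageDigest.isEqual(mac("$rnd:$ts").toByteArray(), tag.toByteArray())) return false
        val issued = ts.toLongOrNull(16) ?: return false
        return clock() - issued in 0..timeoutMillis
    }
}

suspend fun main() {
    var now = 1_000_000L // constructed clock value for the demo
    val manager = SketchHmacNonceManager("constructed-demo-key".toByteArray(), 60_000) { now }
    val nonce = manager.newNonce()
    check(manager.verifyNonce(nonce))                      // fresh and untampered
    check(!manager.verifyNonce(nonce.dropLast(1) + "x"))   // altered MAC is rejected
    now += 60_001
    check(!manager.verifyNonce(nonce))                     // past the timeout
}
```

Because nothing is stored, this sketch accepts the same nonce repeatedly until it expires; the timeout bounds the replay window rather than eliminating it.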