NonceManager
interface NonceManager
Represents a nonce manager. Its responsibility is to produce nonce values and to verify that nonce values received from untrusted sources were issued by this manager. This is usually required in web environments to mitigate CSRF attacks. Depending on its underlying implementation, it can be stateful or stateless. Note that nonce values usually have a timeout to reduce memory usage and to avoid replay attacks. Nonce length is unspecified.
Functions
abstract suspend fun newNonce(): String
Generate new nonce instance

Verify nonce value
Inheritors
object
Stub implementation that always fails. Will be removed, so no public signatures should rely on it.

object GenerateOnlyNonceManager : NonceManager
This implementation only generates nonce values and does not validate them. It is recommended for testing only.

class StatelessHmacNonceManager : NonceManager
Stateless nonce manager implementation with HMAC verification and timeout. Every nonce provided by this manager consists of a random part, a timestamp and an HMAC.
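
The StatelessHmacNonceManager entry above describes a nonce built from a random part, a timestamp and an HMAC, checked against a timeout. The following is an added sketch of that idea, not the library's code: the class name HmacNonceSketch, the text layout, HMAC-SHA256, the injectable clock and the non-suspend functions are assumptions made so that it runs stand-alone without the NonceManager interface.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical sketch: the "random+timestamp+mac" text layout is assumed, not the library's format.
class HmacNonceSketch(
    private val key: ByteArray,
    private val timeoutMillis: Long,
    private val clock: () -> Long = { System.currentTimeMillis() }
) {
    private val random = SecureRandom()
    private fun hex(bytes: ByteArray) = bytes.joinToString("") { "%02x".format(it) }

    private fun mac(data: String): String {
        val hmac = Mac.getInstance("HmacSHA256")
        hmac.init(SecretKeySpec(key, "HmacSHA256"))
        return hex(hmac.doFinal(data.toByteArray(Charsets.UTF_8)))
    }

    fun newNonce(): String {
        val rnd = hex(ByteArray(16).also { random.nextBytes(it) })
        val ts = clock().toString(16)
        return "$rnd+$ts+${mac("$rnd:$ts")}"
    }

    fun verifyNonce(nonce: String): Boolean {
        val parts = nonce.split('+')
        if (parts.size != 3) return false
        val (rnd, ts, tag) = parts
        // Check the MAC first, in constant time, so unauthenticated fields are never trusted.
        val expected = mac("$rnd:$ts").toByteArray(Charsets.UTF_8)
        if (!MessageDigest.isEqual(expected, tag.toByteArray(Charsets.UTF_8))) return false
        val issuedAt = ts.toLongOrNull(16) ?: return false
        // No server-side state: a nonce stays acceptable until it ages out of the window.
        return (clock() - issuedAt) in 0L..timeoutMillis
    }
}

fun main() {
    var now = 1_700_000_000_000L // constructed clock value
    val manager = HmacNonceSketch("demo-key-only".toByteArray(), 60_000L) { now }
    val nonce = manager.newNonce()
    val tampered = nonce.dropLast(1) + (if (nonce.last() == '0') '1' else '0')
    check(manager.verifyNonce(nonce)) { "fresh nonce must verify" }
    check(!manager.verifyNonce(tampered)) { "modified MAC must be rejected" }
    check(!manager.verifyNonce("not-a-nonce")) { "malformed input must be rejected" }
    now += 60_001L
    check(!manager.verifyNonce(nonce)) { "expired nonce must be rejected" }
}
```

Because this sketch keeps no record of issued values, the timeout is its only limit on reuse: the same nonce verifies repeatedly until it expires.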