auth

func CompleteRemoteLogin ¶

func CompleteRemoteLogin(clientID, clientSecret, redirectURI, expectedState, pastedInput string) (*config.Tokens, error)

CompleteRemoteLogin extracts the authorization code from a pasted redirect URL, validates the state token against expectedState, and exchanges the code for tokens. Used for step 2 of the two-step remote login flow.

func ExtractCode ¶

func ExtractCode(input string) string

ExtractCode parses an authorization code from either a full URL or a bare code string. Exported for testing.

func GenerateState ¶

func GenerateState() (string, error)

GenerateState returns a 16-byte cryptographically random hex string suitable for use as an OAuth2 CSRF state token.

func IsLocalhost ¶

func IsLocalhost(u string) bool

IsLocalhost reports whether u is a localhost URI. Exported for testing.

func Login ¶

func Login(clientID, clientSecret, redirectURI string) (*config.Tokens, error)

Login initiates the OAuth2 authorization code flow.

If redirectURI is empty or a localhost URI, a local callback server is started on port 8089 to capture the code automatically.

If redirectURI is an external HTTPS URI, the auth URL is displayed and the user is prompted to paste either the full callback URL or just the code.

func RefreshIfExpired ¶

func RefreshIfExpired(cfg *config.Config) error

RefreshIfExpired checks whether the access token is expired (with a 30s buffer) and refreshes it if necessary, updating cfg in-place and saving it.

func RemoteAuthURL ¶

func RemoteAuthURL(clientID, redirectURI, state string) string

RemoteAuthURL builds a Strava authorization URL that includes a state token. Used for step 1 of the two-step remote login flow.

func SetTokenURL ¶

func SetTokenURL(u string) string

SetTokenURL overrides the token endpoint URL and returns the previous value. Intended for use in tests only.