auth

package
v0.0.0-...-94bf3b9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 24, 2026 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

// TenantHeader is the name of the HTTP header that carries a tenant identifier.
// NOTE(review): presumably NewAuthInterceptor sets it on outgoing requests from
// its requestedTenant argument. A receiving server should authorize the tenant
// against the authenticated token instead of trusting this header alone; confirm.
const TenantHeader = "X-Defang-Tenant-Id"

Variables

// Sentinel errors exported by this package. Compare against them with
// errors.Is rather than by matching the message text. Which functions return
// each value is not visible in this listing.
var (
	ErrInvalidAccessToken       = errors.New("invalid access token")
	ErrInvalidAuthorizationCode = errors.New("invalid authorization code")
	ErrInvalidRefreshToken      = errors.New("invalid refresh token")
	ErrPollTimeout              = errors.New("polling timed out")
)
// OpenAuthClient is the package-level client, built by NewClient with the
// client ID "defang-cli" and an issuer obtained from pkg.Getenv.
// NOTE(review): presumably pkg.Getenv returns the DEFANG_ISSUER environment
// variable when it is set and "https://auth.defang.io" otherwise; confirm. If
// so, whoever controls the process environment chooses the server that
// receives authorization codes and tokens, so an https-only check on the
// issuer is worth considering.
// This is an exported, mutable variable: any importing package can reassign it.
var OpenAuthClient = NewClient("defang-cli", pkg.Getenv("DEFANG_ISSUER", "https://auth.defang.io"))

Functions

func ExchangeCodeForToken

func ExchangeCodeForToken(ctx context.Context, code AuthCodeFlow, ss ...scope.Scope) (string, error)

func GetAuthorizeUrl

func GetAuthorizeUrl(authType string, parts ...string) string

func NewAuthInterceptor

func NewAuthInterceptor(token string, requestedTenant types.TenantNameOrID, userAgent string) connect.Interceptor

func NewClient

func NewClient(clientID, issuer string) *client

func Poll

func Poll(ctx context.Context, key string) ([]byte, error)

func ValidatePKCE

func ValidatePKCE(
	verifier string,
	challenge string,
	method Method,
) bool

func WaitForOAuthCode

func WaitForOAuthCode(ctx context.Context, input WaitForOAuthCodeInput) (code, redirectURL string, err error)

WaitForOAuthCode starts a local HTTP server on a random port to receive an OAuth authorization code via redirect callback. It generates a random CSRF state value and calls BuildAuthURL with the redirect URL and state to construct the full authorization URL. The Prompt is printed to the terminal before opening the browser. Returns the authorization code and the redirect URL used for this flow.

Types

type AuthCodeFlow

// AuthCodeFlow is the value returned by StartAuthCodeFlow and accepted by
// ExchangeCodeForToken. All of its fields are unexported.
type AuthCodeFlow struct {
	// contains filtered or unexported fields
}

func StartAuthCodeFlow

func StartAuthCodeFlow(ctx context.Context, mcpFlow LoginFlow, saveToken func(string), mcpClient string) (AuthCodeFlow, error)

type AuthorizeOption

// AuthorizeOption is a function that receives a *AuthorizeOptions; values of
// this type are passed to Client.Authorize. It is declared as a type alias,
// unlike RefreshOption and VerifyOption, which are defined types.
type AuthorizeOption = func(*AuthorizeOptions)

func WithPkce

func WithPkce() AuthorizeOption

func WithProvider

func WithProvider(provider string) AuthorizeOption

type AuthorizeOptions

// AuthorizeOptions is the option set handed to each AuthorizeOption function.
// Its fields are unexported; WithPkce and WithProvider return functions that
// operate on it.
type AuthorizeOptions struct {
	// contains filtered or unexported fields
}

type AuthorizeResult

// AuthorizeResult is the value returned by Client.Authorize. Its fields are
// unexported, so the redirect URL and challenge mentioned in that method's
// comment are not directly readable from outside this package.
type AuthorizeResult struct {
	// contains filtered or unexported fields
}

type Client

// Client is the set of OAuth operations this package exposes: starting an
// authorization, exchanging a code, refreshing tokens and verifying a token.
// NOTE(review): NewClient returns the unexported *client, which presumably
// implements this interface; confirm.
type Client interface {
	/**
	 * Start the authorization flow.
	 * This returns a redirect URL and a challenge that you need to use later to verify the code.
	 * NOTE(review): the challenge is presumably what Exchange takes as its verifier
	 * argument, so it must be kept by the caller for the duration of the flow; confirm.
	 */
	Authorize(redirectURI string, response ResponseType, opts ...AuthorizeOption) (*AuthorizeResult, error)
	/**
	 * Exchange the code for access and refresh tokens.
	 * RFC 6749 requires redirectURI to be identical to the one sent in the
	 * authorization request.
	 */
	Exchange(code string, redirectURI string, verifier string) (*ExchangeSuccess, error)
	/**
	 * Refreshes the tokens if they have expired. This is used in an SPA app to maintain the
	 * session, without logging the user out.
	 */
	Refresh(refresh string, opts ...RefreshOption) (*RefreshSuccess, error)
	/**
	 * Verify the token in the incoming request.
	 */
	Verify(token string, opts ...VerifyOption) (*VerifyResult, error)
}

type ErrNoBrowser

// ErrNoBrowser is an error type that carries an underlying error and a URL.
// Its Error method has a value receiver, so match it with errors.As using an
// ErrNoBrowser target.
// NOTE(review): presumably returned when a browser could not be opened, with
// URL being the address the user can open by hand; confirm.
type ErrNoBrowser struct {
	Err error
	URL string
}

func (ErrNoBrowser) Error

func (e ErrNoBrowser) Error() string

type ErrUnexpectedStatus

// ErrUnexpectedStatus is an error type that carries a numeric status code and
// a status string.
// NOTE(review): presumably filled from an HTTP response whose status was not
// the expected one; confirm against the callers.
type ErrUnexpectedStatus struct {
	StatusCode int
	Status     string
}

func (ErrUnexpectedStatus) Error

func (e ErrUnexpectedStatus) Error() string

type ExchangeSuccess

// ExchangeSuccess is the value returned by Client.Exchange. It embeds Tokens,
// so AccessToken and RefreshToken are promoted fields.
type ExchangeSuccess struct {
	Tokens
}

type LoginFlow

// LoginFlow selects between the two login flows accepted by StartAuthCodeFlow.
// It is a bool, so the zero value is CliFlow.
type LoginFlow bool
const (
	CliFlow LoginFlow = false
	McpFlow LoginFlow = true
)

type Method

// Method names a PKCE code challenge method. The two values match the
// code_challenge_method strings defined in RFC 7636.
type Method string
const (
	// PlainMethod: in RFC 7636 the challenge equals the verifier, so anyone who
	// sees the authorization request also learns the verifier. Prefer S256Method.
	PlainMethod Method = "plain"
	// S256Method: in RFC 7636 the challenge is the base64url-encoded SHA-256
	// hash of the verifier.
	// NOTE(review): confirm GeneratePKCE and ValidatePKCE follow these definitions.
	S256Method  Method = "S256"
)

type OAuthError

// OAuthError is an error type decoded from JSON. Its field tags, "error" and
// "error_description", match the error response parameters of RFC 6749.
// Both values come from the server, so treat them as untrusted text when
// showing them to a user or writing them to a log.
type OAuthError struct {
	ErrorCode        string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

func (OAuthError) Error

func (oe OAuthError) Error() string

type PKCE

// PKCE groups a code verifier, its challenge, and the embedded challenge
// Method; GeneratePKCE returns one.
// In RFC 7636 the verifier is the secret half: it is sent only in the token
// request, while the challenge and method go in the authorization request.
// Keep Verifier out of URLs and logs.
// NOTE(review): RFC 7636 requires a verifier of 43 to 128 characters; whether
// GeneratePKCE enforces that on its length argument is not visible here; confirm.
type PKCE struct {
	Verifier  string
	Challenge string
	Method
}

func GeneratePKCE

func GeneratePKCE(length int, method Method) (PKCE, error)

type RefreshOption

// RefreshOption is a function that receives a *RefreshOptions; values of this
// type are passed to Client.Refresh. WithAccessToken returns one.
type RefreshOption func(*RefreshOptions)

func WithAccessToken

func WithAccessToken(access string) RefreshOption

type RefreshOptions

// RefreshOptions is the option set handed to each RefreshOption function.
// Its fields are unexported.
type RefreshOptions struct {
	// contains filtered or unexported fields
}

type RefreshSuccess

// RefreshSuccess is the value returned by Client.Refresh. It embeds Tokens,
// so AccessToken and RefreshToken are promoted fields.
type RefreshSuccess struct {
	Tokens
}

type ResponseType

// ResponseType is the response type passed to Client.Authorize. The two values
// match the OAuth 2.0 response_type strings.
type ResponseType string
const (
	// CodeResponseType requests an authorization code, which is then traded
	// for tokens with Client.Exchange.
	CodeResponseType  ResponseType = "code"
	// TokenResponseType is the OAuth 2.0 implicit grant value. In that grant
	// the access token is returned in the redirect itself and PKCE does not
	// protect it; current OAuth security guidance discourages it.
	// NOTE(review): confirm whether any caller still relies on this value.
	TokenResponseType ResponseType = "token"
)

type Tokens

// Tokens holds an access token and a refresh token as they appear in JSON
// under "access_token" and "refresh_token". Both are bearer credentials: keep
// them out of logs, error messages and URLs.
// With omitempty, an empty field is left out when the struct is marshalled.
type Tokens struct {
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
}

type UserDetails

// UserDetails holds a user's email and name, decoded from the JSON keys
// "email" and "name". It is the type of UserInfo.User.
type UserDetails struct {
	Email string `json:"email"`
	Name  string `json:"name"`
}

type UserInfo

// UserInfo is the value FetchUserInfo returns: a list of workspaces under the
// JSON key "allTenants" and the user's details under "userinfo".
// NOTE(review): the content is presumably supplied by the auth server for the
// given access token; treat AllTenants as a listing for display and selection,
// not as an authorization decision made on the client; confirm.
type UserInfo struct {
	AllTenants []WorkspaceInfo `json:"allTenants"`
	User       UserDetails     `json:"userinfo"`
}

func FetchUserInfo

func FetchUserInfo(ctx context.Context, accessToken string) (*UserInfo, error)

func (*UserInfo) FindWorkspaceInfo

func (ui *UserInfo) FindWorkspaceInfo(tenantSelection types.TenantNameOrID) *WorkspaceInfo

type VerifyOption

// VerifyOption is a function that receives a *VerifyOptions; values of this
// type are passed to Client.Verify. WithRefreshToken returns one.
type VerifyOption func(*VerifyOptions)

func WithRefreshToken

func WithRefreshToken(refresh string) VerifyOption

type VerifyOptions

// VerifyOptions is the option set handed to each VerifyOption function.
// Its fields are unexported.
type VerifyOptions struct {
	// contains filtered or unexported fields
}

type VerifyResult

// VerifyResult is the value returned by Client.Verify. It embeds *Tokens, a
// pointer: reading the promoted AccessToken or RefreshToken field panics when
// that pointer is nil, so check Tokens != nil first.
// NOTE(review): presumably Tokens is set only when Verify refreshed the
// tokens; confirm.
type VerifyResult struct {
	*Tokens
}

type WaitForOAuthCodeInput

// WaitForOAuthCodeInput is the input to WaitForOAuthCode.
type WaitForOAuthCodeInput struct {
	// NOTE(review): presumably the path on the local HTTP server that receives
	// the redirect callback; confirm.
	CallbackPath   string
	// Prompt is printed to the terminal before the browser is opened.
	Prompt         string
	// NOTE(review): Title and SuccessMessage are presumably rendered in the page
	// served to the browser after the callback; if so they must be HTML-escaped
	// when written; confirm.
	Title          string
	SuccessMessage string
	// BuildAuthURL is called with the local redirect URL and the random CSRF
	// state generated by WaitForOAuthCode, and returns the full authorization
	// URL. The returned URL has to carry that state value unchanged; otherwise
	// the callback cannot be tied to this request.
	BuildAuthURL   func(redirectURL, state string) string
}

type WorkspaceInfo

// WorkspaceInfo identifies one workspace by ID and name, decoded from the JSON
// keys "id" and "name". It is the element type of UserInfo.AllTenants and the
// result type of UserInfo.FindWorkspaceInfo.
type WorkspaceInfo struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}
