Documentation
¶
Index ¶
- func GenerateState() string
- type Client
- func (c *Client) AuthorizeURL(state string) string
- func (c *Client) DeviceCode(ctx context.Context) (*DeviceCodeResponse, error)
- func (c *Client) ExchangeCode(ctx context.Context, code, codeVerifier string) (*TokenResponse, error)
- func (c *Client) ExchangeDeviceToken(ctx context.Context, deviceCode string, userCode string) (*TokenResponse, error)
- func (c *Client) PollToken(ctx context.Context, deviceCode, userCode string, interval int) (*TokenResponse, error)
- func (c *Client) RefreshToken(ctx context.Context, refreshToken string) (*TokenResponse, error)
- type Config
- type DeviceCodeResponse
- type Handler
- type OAuthManager
- func (m *OAuthManager) Complete(ctx context.Context, token *Token) error
- func (m *OAuthManager) GetToken(ctx context.Context) (string, error)
- func (m *OAuthManager) LoadCredentials(ctx context.Context) (*authTypes.Credentials, error)
- func (m *OAuthManager) Login(ctx context.Context) (userCode, url string, err error)
- func (m *OAuthManager) Stop()
- func (m *OAuthManager) StoreCredentials(ctx context.Context, creds *authTypes.Credentials) error
- type ProviderConfig
- type Server
- type ServerConfig
- type SimpleAuthenticator
- type Token
- type TokenResponse
- type TokenType
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client represents an OAuth client
func (*Client) AuthorizeURL ¶
AuthorizeURL generates the authorization URL for the browser PKCE flow.
func (*Client) DeviceCode ¶
func (c *Client) DeviceCode(ctx context.Context) (*DeviceCodeResponse, error)
DeviceCode initiates OpenAI's device auth flow. Calls the OpenAI-specific /api/accounts/deviceauth/usercode endpoint with a JSON body — NOT the standard RFC 8628 Auth0 device_code endpoint.
func (*Client) ExchangeCode ¶
func (c *Client) ExchangeCode(ctx context.Context, code, codeVerifier string) (*TokenResponse, error)
ExchangeCode exchanges an authorization code for tokens (browser flow). codeVerifier should be provided for PKCE flows; pass empty string otherwise.
func (*Client) ExchangeDeviceToken ¶
func (c *Client) ExchangeDeviceToken(ctx context.Context, deviceCode string, userCode string) (*TokenResponse, error)
ExchangeDeviceToken polls OpenAI's device token endpoint. On pending: returns an "authorization_pending" error (caller should retry). On success: performs the PKCE token exchange and returns full tokens. Both deviceCode (device_auth_id) and userCode are required for the poll body.
func (*Client) PollToken ¶
func (c *Client) PollToken(ctx context.Context, deviceCode, userCode string, interval int) (*TokenResponse, error)
PollToken polls for a token until the user completes auth (blocks; for CLI use).
func (*Client) RefreshToken ¶
RefreshToken refreshes an OAuth token
type Config ¶
type Config struct {
BaseURL string // Base URL for OAuth provider (auth server root)
ClientID string // OAuth client ID
ClientSecret string // OAuth client secret (optional)
AuthURL string // Authorization endpoint (browser PKCE flow)
TokenURL string // Token endpoint
DeviceAuthURL string // Device usercode endpoint (OpenAI custom API)
DeviceTokenURL string // Device token poll endpoint (OpenAI custom API)
Scopes []string // OAuth scopes
RedirectURI string // Redirect URI
HTTPClient *http.Client
}
Config represents OAuth client configuration
func DefaultOpenAIConfig ¶
func DefaultOpenAIConfig() *Config
DefaultOpenAIConfig returns OAuth config for ChatGPT authentication. Uses the same device auth flow as Codex CLI (github.com/openai/codex). Issuer: https://auth.openai.com
type DeviceCodeResponse ¶
type DeviceCodeResponse struct {
DeviceCode string // maps to device_auth_id in OpenAI's API
UserCode string
VerificationURI string
VerificationURIComplete string
ExpiresIn int
Interval int
}
DeviceCodeResponse represents the normalised device code response.
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
Handler handles the complete OAuth device flow
func (*Handler) WaitComplete ¶
WaitComplete waits for the user to complete authentication
type OAuthManager ¶
type OAuthManager struct {
// contains filtered or unexported fields
}
OAuthManager manages OAuth tokens with auto-refresh
func NewOAuthManager ¶
func NewOAuthManager(s store.Store, provider string, cfg *Config) *OAuthManager
NewOAuthManager creates a new OAuth manager
func (*OAuthManager) Complete ¶
func (m *OAuthManager) Complete(ctx context.Context, token *Token) error
Complete stores the token after OAuth completion
func (*OAuthManager) GetToken ¶
func (m *OAuthManager) GetToken(ctx context.Context) (string, error)
GetToken returns a valid token, refreshing if necessary. Uses a write lock throughout so refresh() can safely mutate m.token / m.refreshAt.
func (*OAuthManager) LoadCredentials ¶
func (m *OAuthManager) LoadCredentials(ctx context.Context) (*authTypes.Credentials, error)
LoadCredentials loads OAuth credentials from the auth store
func (*OAuthManager) Login ¶
func (m *OAuthManager) Login(ctx context.Context) (userCode, url string, err error)
Login starts OAuth authentication and returns the verification URL
func (*OAuthManager) StoreCredentials ¶
func (m *OAuthManager) StoreCredentials(ctx context.Context, creds *authTypes.Credentials) error
StoreCredentials stores OAuth credentials in the auth store
type ProviderConfig ¶
type ProviderConfig struct {
BaseURL string
ClientID string
AuthURL string
TokenURL string
DeviceCodeURL string
Scopes []string
}
ProviderConfig holds OAuth provider configuration
func DefaultGoogleProvider ¶
func DefaultGoogleProvider() *ProviderConfig
DefaultGoogleProvider returns default Google OAuth config
func DefaultOpenAIProvider ¶
func DefaultOpenAIProvider() *ProviderConfig
DefaultOpenAIProvider returns the Auth0-based OAuth config for ChatGPT.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server handles OAuth callbacks
func NewServer ¶
func NewServer(config *ServerConfig) *Server
NewServer creates a new OAuth callback server
func (*Server) WaitForCallback ¶
func (s *Server) WaitForCallback(ctx context.Context) (*TokenResponse, error)
WaitForCallback waits for the OAuth callback
type ServerConfig ¶
type ServerConfig struct {
Port int // Port to listen on (0 for random)
Timeout time.Duration // Timeout for the auth process
HTTPClient *http.Client
}
ServerConfig represents server configuration
func DefaultServerConfig ¶
func DefaultServerConfig() *ServerConfig
DefaultServerConfig returns a default server configuration
type SimpleAuthenticator ¶
type SimpleAuthenticator struct {
// contains filtered or unexported fields
}
SimpleAuthenticator handles the Auth0 device code flow for ChatGPT/OpenAI. Usage:
userCode, url, err := a.StartDeviceFlow(ctx) // show userCode and url to the user, then: token, err := a.WaitDeviceFlow(ctx)
func NewSimpleAuthenticator ¶
func NewSimpleAuthenticator(clientID string) *SimpleAuthenticator
NewSimpleAuthenticator creates a new authenticator for the given OAuth client ID.
func (*SimpleAuthenticator) StartDeviceFlow ¶
func (a *SimpleAuthenticator) StartDeviceFlow(ctx context.Context) (userCode, verificationURL string, err error)
StartDeviceFlow requests a device code from Auth0 and returns the user-facing code and verification URL. Call WaitDeviceFlow afterwards to poll for the token.
func (*SimpleAuthenticator) WaitDeviceFlow ¶
func (a *SimpleAuthenticator) WaitDeviceFlow(ctx context.Context) (*Token, error)
WaitDeviceFlow polls Auth0 until the user completes authentication. It blocks until the token is received or ctx is cancelled.
type Token ¶
type Token struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token,omitempty"`
IDToken string `json:"id_token,omitempty"`
TokenType TokenType `json:"token_type"`
ExpiresAt time.Time `json:"expires_at"`
Scope string `json:"scope,omitempty"`
}
Token represents an OAuth token
func (*Token) NeedsRefresh ¶
NeedsRefresh returns true if the token should be refreshed
type TokenResponse ¶
type TokenResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"`
RefreshToken string `json:"refresh_token,omitempty"`
IDToken string `json:"id_token,omitempty"`
Scope string `json:"scope,omitempty"`
}
TokenResponse represents a token response
func (*TokenResponse) ToToken ¶
func (r *TokenResponse) ToToken() *Token
ToToken converts to auth.Token format