auth

package
v0.1.1-nightly.2026060...
Warning

This package is not in the latest version of its module.

Published: Jun 2, 2026 | License: MIT | Imports: 17 | Imported by: 0

Documentation

Constants

const ProviderVersionEnvVar = "TRACE_AUTH_PROVIDER_VERSION"

ProviderVersionEnvVar overrides the auto-detected provider version. Set to "v1" or "v2"; see effectiveProviderVersion for resolution. Read once at process startup via CurrentProvider.

Variables

var ErrNotLoggedIn = tokenmanager.ErrNotLoggedIn

ErrNotLoggedIn re-exports tokenmanager.ErrNotLoggedIn so callers in the cli package can errors.Is against it without an extra import.

Functions

func EnableInsecureHTTP

func EnableInsecureHTTP()

EnableInsecureHTTP relaxes the package-level manager's HTTPS guard so non-loopback http:// resources (and the auth host's STS endpoint) are permitted during token resolution.

Call before any TokenForResource invocation — the manager is built lazily on first use and the AllowInsecureHTTP setting is frozen at that point.
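A sketch of the kind of HTTPS guard described above, as an added example and not this package's own code. `CheckResourceURL`, `ErrInsecureResource` and the `allowInsecureHTTP` parameter are hypothetical names, and the URLs are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// ErrInsecureResource is a hypothetical sentinel for this sketch.
var ErrInsecureResource = errors.New("plain http to non-loopback host")

// isLoopbackHost accepts "localhost" and loopback IP literals, never a prefix match.
func isLoopbackHost(host string) bool {
	if strings.EqualFold(host, "localhost") {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// CheckResourceURL decides whether a bearer token may be sent to raw (assumed semantics).
func CheckResourceURL(raw string, allowInsecureHTTP bool) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("parse resource URL: %w", err)
	}
	if u.Hostname() == "" {
		return fmt.Errorf("resource URL %q has no host", raw)
	}
	switch u.Scheme {
	case "https":
		return nil
	case "http":
		if allowInsecureHTTP || isLoopbackHost(u.Hostname()) {
			return nil
		}
		return fmt.Errorf("%w: %s", ErrInsecureResource, u.Host)
	default:
		return fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
}

func main() {
	for _, r := range []string{"https://api.example.test", "http://127.0.0.1:8080", "http://127.0.0.1.example.test"} {
		fmt.Println(r, CheckResourceURL(r, false)) // constructed sample URLs
	}
}
```

The third sample is rejected because the host is compared as a parsed IP literal, so a DNS name that merely starts with `127.0.0.1` does not count as loopback.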

func LookupCurrentToken

func LookupCurrentToken() (string, error)

LookupCurrentToken retrieves the token for the current base URL.

func SetManagerForTest

func SetManagerForTest(t interface{ Helper() }, mgr *tokenmanager.Manager) func()

SetManagerForTest installs mgr as the manager returned by defaultManager() and returns a cleanup function. Test-only.

func SetProviderForTest

func SetProviderForTest(t interface {
	Helper()
	Cleanup(f func())
}, p Provider,
)

SetProviderForTest installs p as the Provider returned by CurrentProvider for the duration of the test, and registers a t.Cleanup to remove the override. Test-only.

func Token

func Token(ctx context.Context, req TokenRequest) (string, error)

Token is the full-control entry point. Use TokenForResource for the common case; this exists so callers can override the wire-level Audience, RequestedTokenType, or Scope per call.

func TokenForResource

func TokenForResource(ctx context.Context, resourceBaseURL string) (string, error)

TokenForResource returns a bearer token suitable for use against resourceBaseURL, performing an RFC 8693 token exchange when the stored core token's audience doesn't already cover that resource.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(httpClient *http.Client) *Client

func (*Client) BaseURL

func (c *Client) BaseURL() string

func (*Client) PollDeviceAuth

func (c *Client) PollDeviceAuth(ctx context.Context, deviceCode string) (*DeviceAuthPoll, error)

func (*Client) StartDeviceAuth

func (c *Client) StartDeviceAuth(ctx context.Context) (*DeviceAuthStart, error)

type DeviceAuthPoll

type DeviceAuthPoll struct {
	AccessToken string `json:"access_token,omitempty"`
	TokenType   string `json:"token_type,omitempty"`
	ExpiresIn   int    `json:"expires_in,omitempty"`
	Scope       string `json:"scope,omitempty"`
	Error       string `json:"error,omitempty"`
}

type DeviceAuthStart

type DeviceAuthStart struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationURIComplete string `json:"verification_uri_complete"`
	ExpiresIn               int    `json:"expires_in"`
	Interval                int    `json:"interval"`
}

type Provider

type Provider struct {
	ClientID       string
	DeviceCodePath string
	TokenPath      string
	STSPath        string
	AuthTokensPath string
}

Provider captures the per-surface bits of OAuth wiring.

STSPath is the RFC 8693 token-exchange endpoint. v1 is the legacy single-host surface where the auth and data API live at the same origin; the same-host shortcut in tokenmanager.Token always wins and STS is never invoked, so v1.STSPath is left empty. v2 exposes a dedicated STS path because it's used in split-host deployments (e.g. us.auth.partial.to mints, partial.to consumes).

AuthTokensPath is the base path for the auth-tokens management endpoint family (list / revoke). Routed at the api.Client layer via (*api.Client).WithAuthTokensPath so the provider table is the single source of truth — no env-var duplication between auth/ and api/.
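The same-host shortcut and the RFC 8693 exchange mentioned for TokenForResource and STSPath, as an added sketch that is not this package's or tokenmanager's code. `PlanExchange` and `origin` are hypothetical, the token is a placeholder, and using the resource origin as the `audience` value is an assumption; the form parameter names and URNs are the ones RFC 8693 registers.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

const ( // identifiers registered by RFC 8693
	grantTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
	typeAccessToken    = "urn:ietf:params:oauth:token-type:access_token"
)

// origin normalizes raw to scheme://host[:port], dropping the scheme's default port.
func origin(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("invalid base URL %q", raw)
	}
	host := strings.TrimSuffix(strings.ToLower(u.Host), map[string]string{"https": ":443", "http": ":80"}[u.Scheme])
	return u.Scheme + "://" + host, nil
}

// PlanExchange (hypothetical) returns the STS form body, or needed=false for same-host.
func PlanExchange(authBase, resourceBase, coreToken, scope string) (url.Values, bool, error) {
	a, errA := origin(authBase)
	r, errR := origin(resourceBase)
	if errA != nil || errR != nil {
		return nil, false, fmt.Errorf("plan exchange: auth=%v resource=%v", errA, errR)
	}
	if a == r { // same-host shortcut: the stored core token is used as is
		return nil, false, nil
	}
	form := url.Values{
		"grant_type":           {grantTokenExchange},
		"subject_token":        {coreToken},
		"subject_token_type":   {typeAccessToken},
		"requested_token_type": {typeAccessToken},
		"audience":             {r}, // assumption: audience is the resource origin
	}
	if scope != "" {
		form.Set("scope", scope)
	}
	return form, true, nil
}

func main() {
	fmt.Println(PlanExchange("https://us.auth.partial.to", "https://partial.to", "core-token-placeholder", ""))
}
```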

func CurrentProvider

func CurrentProvider() Provider

CurrentProvider returns the active Provider for this process. Resolution freezes on the first call (env vars must be set before then). Tests bypass the singleton via SetProviderForTest.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store manages CLI authentication tokens in the OS keyring. Implements tokenstore.Store for use with the tokenmanager library.

func NewStore

func NewStore() *Store

NewStore returns a Store backed by the system keyring.

func NewStoreWithService

func NewStoreWithService(service string) *Store

NewStoreWithService returns a Store with a custom keyring service name (for testing).

func (*Store) DeleteToken

func (s *Store) DeleteToken(baseURL string) error

DeleteToken removes a stored token for the given base URL. Legacy method for backward compatibility with plain-string tokens.

func (*Store) DeleteTokens

func (s *Store) DeleteTokens(profile string) error

DeleteTokens removes a stored TokenSet for the given profile. Treats missing profiles as a no-op. Implements tokenstore.Store.

func (*Store) GetToken

func (s *Store) GetToken(baseURL string) (string, error)

GetToken retrieves a stored token for the given base URL. Returns an empty string (and no error) if no token is stored. Legacy method for backward compatibility with plain-string tokens.

func (*Store) LoadTokens

func (s *Store) LoadTokens(profile string) (tokens.TokenSet, error)

LoadTokens retrieves a stored TokenSet for the given profile. Returns tokenstore.ErrNotFound if no token is stored. Handles legacy plain-string entries by wrapping them in a TokenSet. Implements tokenstore.Store.

func (*Store) SaveToken

func (s *Store) SaveToken(baseURL, token string) error

SaveToken persists an access token for the given base URL. Legacy method for backward compatibility with plain-string tokens.

func (*Store) SaveTokens

func (s *Store) SaveTokens(profile string, t tokens.TokenSet) error

SaveTokens persists a TokenSet for the given profile (typically a base URL). Implements tokenstore.Store. The TokenSet is stored as JSON in the keyring.

type TokenRequest

type TokenRequest = tokenmanager.TokenRequest

TokenRequest is the trace-CLI alias of tokenmanager.TokenRequest so callers don't have to import the underlying package for the common case. The two types are interchangeable.
