auth

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 16, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package auth provides OIDC authentication for the krci CLI.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrNotAuthenticated = errors.New("not authenticated: run 'krci auth login'")
	ErrTokenExpired     = errors.New("token expired")
	ErrRefreshFailed    = errors.New("token refresh failed")
)

Sentinel errors for auth failure classification. Callers use errors.Is() to branch on these.

Functions

func NewTokenProvider 

func NewTokenProvider(store token.Store, cfg *config.Config) *tokenProvider

NewTokenProvider creates a TokenProvider with the given store and config.

Types

type TokenProvider 

type TokenProvider interface {
	// GetToken returns a valid access token.
	GetToken(ctx context.Context) (string, error)
	// Login performs the interactive OIDC login flow.
	Login(ctx context.Context) error
	// Logout clears stored credentials.
	Logout() error
	// UserInfo returns cached user claims from the stored ID token.
	UserInfo() (*UserInfo, error)
}

TokenProvider resolves a valid access token using the precedence chain: KRCI_TOKEN env → cached token → refresh → error.

type UserInfo 

type UserInfo struct {
	Email     string    `json:"email"`
	Name      string    `json:"name"`
	Sub       string    `json:"sub"`
	Groups    []string  `json:"groups"`
	ExpiresAt time.Time `json:"-"` // set from token expiry, not from JWT claims
}

UserInfo holds OIDC claims extracted from the ID token.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.