Documentation
¶
Overview ¶
Package auth provides OIDC authentication for the krci CLI.
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrNotAuthenticated = errors.New("not authenticated: run 'krci auth login'") ErrTokenExpired = errors.New("token expired") ErrRefreshFailed = errors.New("token refresh failed") )
Sentinel errors for auth failure classification. Callers use errors.Is() to branch on these.
Functions ¶
func NewTokenProvider ¶
NewTokenProvider creates a TokenProvider with the given store and config.
func ValidateIssuerURL ¶ added in v0.3.0
ValidateIssuerURL ensures the issuer URL is well-formed and uses HTTPS.
Types ¶
type TokenProvider ¶
type TokenProvider interface {
// GetToken returns a valid ID token for portal Bearer auth.
GetToken(ctx context.Context) (string, error)
// Login performs the interactive OIDC login flow.
Login(ctx context.Context) error
// Logout clears stored credentials.
Logout() error
// UserInfo returns cached user claims from the stored ID token.
UserInfo() (*UserInfo, error)
}
TokenProvider resolves a valid ID token using the precedence chain: KRCI_TOKEN env → cached token → refresh → error.
Source Files
Click to show internal directories.
Click to hide internal directories.