auth

package

v0.5.1 Latest Latest Go to latest Published: Apr 21, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/MercuryTechnologies/mercury-cli

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func ClearCredentials(environment string) error
func CredentialsPath() (string, error)
func GetToken(environment string) (string, error)
func ResolveEnvironment(cmd *cli.Command) string
func SaveCredentials(creds Credentials) error
type Credentials
- func LoadCredentials() (Credentials, error)
type OAuthConfig
- func DefaultOAuthConfig(environment string) *OAuthConfig
type TokenSet
- func Login(ctx context.Context, config *OAuthConfig) (*TokenSet, error)
- func RefreshToken(config *OAuthConfig, refreshToken string) (*TokenSet, error)
- func (t *TokenSet) IsExpired() bool

Constants ¶

View Source

const (
	// OAuth client IDs per environment (public clients, no secret).
	ProductionOAuthClientID = "d6a5310d-f441-4a36-b12a-2fc09c380936"
	SandboxOAuthClientID    = "da707cac-28d3-4003-bbc6-c7384ca6557a"

	// OAuth endpoints per environment.
	ProductionAuthURL  = "https://oauth2.mercury.com/oauth2/auth"
	ProductionTokenURL = "https://oauth2.mercury.com/oauth2/token"
	SandboxAuthURL     = "https://oauth2-sandbox.mercury.com/oauth2/auth"
	SandboxTokenURL    = "https://oauth2-sandbox.mercury.com/oauth2/token"

	// OAuthScopes requested during login.
	OAuthScopes = "offline_access openid read write"
)

Variables ¶

This section is empty.

Functions ¶

func ClearCredentials ¶

func ClearCredentials(environment string) error

ClearCredentials removes the token set for a specific environment.

func CredentialsPath ¶

func CredentialsPath() (string, error)

CredentialsPath returns the path to the credentials file.

func GetToken ¶

func GetToken(environment string) (string, error)

GetToken returns a valid OAuth access token for the given environment. Returns ("", nil) if no credentials are stored (no-op — the API will return 401). Automatically refreshes expired tokens when a refresh token is available.

func ResolveEnvironment ¶

func ResolveEnvironment(cmd *cli.Command) string

ResolveEnvironment determines the target environment from the CLI command flags. Defaults to "production" if not specified.

func SaveCredentials ¶

func SaveCredentials(creds Credentials) error

SaveCredentials writes credentials to disk with secure permissions.

Types ¶

type Credentials ¶

type Credentials map[string]*TokenSet

Credentials maps environment names to their token sets.

func LoadCredentials ¶

func LoadCredentials() (Credentials, error)

LoadCredentials reads credentials from disk. Returns empty credentials if the file doesn't exist.

type OAuthConfig ¶

type OAuthConfig struct {
	ClientID string
	AuthURL  string
	TokenURL string
}

OAuthConfig holds the OAuth configuration for a specific environment.

func DefaultOAuthConfig ¶

func DefaultOAuthConfig(environment string) *OAuthConfig

DefaultOAuthConfig returns the OAuth configuration for the given environment.

type TokenSet ¶

type TokenSet struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	TokenType    string    `json:"token_type"`
	Expiry       time.Time `json:"expiry"`
}

TokenSet holds OAuth tokens for a single environment.

func Login(ctx context.Context, config *OAuthConfig) (*TokenSet, error)

Login performs the OAuth Authorization Code + PKCE flow. It starts a localhost server, opens the browser for authorization, waits for the callback, and exchanges the code for tokens.

func RefreshToken ¶

func RefreshToken(config *OAuthConfig, refreshToken string) (*TokenSet, error)

RefreshToken exchanges a refresh token for new tokens.

func (*TokenSet) IsExpired ¶

func (t *TokenSet) IsExpired() bool

IsExpired returns true if the access token is expired or will expire within 30 seconds.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL