auth

package
v0.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 21, 2026 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// OAuth client IDs per environment (public clients, no secret).
	ProductionOAuthClientID = "d6a5310d-f441-4a36-b12a-2fc09c380936"
	SandboxOAuthClientID    = "da707cac-28d3-4003-bbc6-c7384ca6557a"

	// OAuth endpoints per environment.
	ProductionAuthURL  = "https://oauth2.mercury.com/oauth2/auth"
	ProductionTokenURL = "https://oauth2.mercury.com/oauth2/token"
	SandboxAuthURL     = "https://oauth2-sandbox.mercury.com/oauth2/auth"
	SandboxTokenURL    = "https://oauth2-sandbox.mercury.com/oauth2/token"

	// OAuthScopes requested during login.
	OAuthScopes = "offline_access openid read write"
)

Variables

This section is empty.

Functions

func ClearToken added in v0.6.0 

func ClearToken(environment string) error

ClearToken removes stored tokens for the given environment from both the keyring and the plaintext fallback. A missing keyring entry is not an error; other keyring failures propagate so a failed logout does not look successful while the tokens remain readable on the next LoadToken.

func CredentialsPath 

func CredentialsPath() (string, error)

func GetToken 

func GetToken(environment string) (string, error)

GetToken returns a valid OAuth access token for the given environment. Returns ("", nil) if no credentials are stored (no-op — the API will return 401). Automatically refreshes expired tokens when a refresh token is available.

func ResolveEnvironment 

func ResolveEnvironment(cmd *cli.Command) string

ResolveEnvironment determines the target environment from the CLI command flags. Defaults to "production" if not specified.

func SaveToken added in v0.6.0 

func SaveToken(environment string, tokens *TokenSet) (insecure bool, err error)

SaveToken persists tokens for the given environment. It tries the system keyring first; if that fails or times out, it writes to a plaintext file at ~/.config/mercury/credentials.json with 0600 permissions. The returned bool is true when the plaintext fallback was used.

Types

type OAuthConfig 

type OAuthConfig struct {
	ClientID string
	AuthURL  string
	TokenURL string
}

OAuthConfig holds the OAuth configuration for a specific environment.

func DefaultOAuthConfig 

func DefaultOAuthConfig(environment string) *OAuthConfig

DefaultOAuthConfig returns the OAuth configuration for the given environment.

type TokenSet 

type TokenSet struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	TokenType    string    `json:"token_type"`
	Expiry       time.Time `json:"expiry"`
}

TokenSet holds OAuth tokens for a single environment.

func LoadToken added in v0.6.0 

func LoadToken(environment string) (*TokenSet, error)

LoadToken returns the stored token set for the given environment. It checks the system keyring first, then the plaintext fallback file. Returns (nil, nil) if no tokens are stored in either location.

func Login 

func Login(ctx context.Context, config *OAuthConfig) (*TokenSet, error)

Login performs the OAuth Authorization Code + PKCE flow. It starts a localhost server, opens the browser for authorization, waits for the callback, and exchanges the code for tokens.

func RefreshToken 

func RefreshToken(config *OAuthConfig, refreshToken string) (*TokenSet, error)

RefreshToken exchanges a refresh token for new tokens.

func (*TokenSet) IsExpired 

func (t *TokenSet) IsExpired() bool

IsExpired returns true if the access token is expired or will expire within 30 seconds.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.