oauth

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2026 License: MIT Imports: 19 Imported by: 0

Documentation

Overview

Package oauth implements local OAuth device, browser, and token flows.

Index

Constants

View Source
const DeviceCodeGrantType = "urn:ietf:params:oauth:grant-type:device_code"

Variables

View Source
var ErrNoToken = errors.New("no oauth token")

Functions

func DeleteProviderProfile

func DeleteProviderProfile(configHome, name string) error

func DeleteToken

func DeleteToken(configHome string) error

func GenerateState

func GenerateState() (string, error)

func RevokeToken

func RevokeToken(ctx context.Context, metadata ProviderMetadata, clientID string, tokenValue string, hint string) error

Types

type BrowserAuthorization

type BrowserAuthorization struct {
	AuthorizationURL string `json:"authorization_url"`
	RedirectURI      string `json:"redirect_uri"`
	State            string `json:"state"`
	CodeVerifier     string `json:"code_verifier"`
	CodeChallenge    string `json:"code_challenge"`
	Method           string `json:"method"`
}

func BuildBrowserAuthorization

func BuildBrowserAuthorization(metadata ProviderMetadata, clientID, redirectURI string, scopes []string, state string, pkce PKCE) (BrowserAuthorization, error)

type BrowserCallback

type BrowserCallback struct {
	Code  string `json:"code"`
	State string `json:"state,omitempty"`
}

type BrowserCallbackResult

type BrowserCallbackResult struct {
	Callback BrowserCallback
	Err      error
}

type BrowserCallbackServer

type BrowserCallbackServer struct {
	RedirectURI string
	Results     <-chan BrowserCallbackResult
	Close       func() error
}

func StartBrowserCallbackServer

func StartBrowserCallbackServer(ctx context.Context, addr, path, expectedState string) (BrowserCallbackServer, error)

type DeviceAuthorization

type DeviceAuthorization struct {
	DeviceCode              string    `json:"device_code"`
	UserCode                string    `json:"user_code"`
	VerificationURI         string    `json:"verification_uri"`
	VerificationURIComplete string    `json:"verification_uri_complete,omitempty"`
	ExpiresIn               int       `json:"expires_in"`
	Interval                int       `json:"interval,omitempty"`
	Message                 string    `json:"message,omitempty"`
	ExpiresAt               time.Time `json:"expires_at,omitempty"`
}

func StartDeviceAuthorization

func StartDeviceAuthorization(ctx context.Context, metadata ProviderMetadata, clientID string, scopes []string) (DeviceAuthorization, error)

type DevicePollOptions

type DevicePollOptions struct {
	ClientID  string
	Interval  time.Duration
	ExpiresAt time.Time
	Now       func() time.Time
	Sleep     func(context.Context, time.Duration) error
}

type LogoutResult

type LogoutResult struct {
	Kind           string `json:"kind,omitempty"`
	Action         string `json:"action,omitempty"`
	Status         string `json:"status,omitempty"`
	Deleted        bool   `json:"deleted"`
	AccessRevoked  bool   `json:"access_revoked,omitempty"`
	RefreshRevoked bool   `json:"refresh_revoked,omitempty"`
	Revocation     string `json:"revocation,omitempty"`
}

func Logout

func Logout(ctx context.Context, configHome string, profileName string) (LogoutResult, error)

type PKCE

type PKCE struct {
	CodeVerifier  string `json:"code_verifier"`
	CodeChallenge string `json:"code_challenge"`
	Method        string `json:"method"`
}

func GeneratePKCE

func GeneratePKCE() (PKCE, error)

type ProviderMetadata

type ProviderMetadata struct {
	Issuer                            string   `json:"issuer,omitempty"`
	AuthorizationEndpoint             string   `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                     string   `json:"token_endpoint,omitempty"`
	DeviceAuthorizationEndpoint       string   `json:"device_authorization_endpoint,omitempty"`
	RevocationEndpoint                string   `json:"revocation_endpoint,omitempty"`
	JWKSURI                           string   `json:"jwks_uri,omitempty"`
	ScopesSupported                   []string `json:"scopes_supported,omitempty"`
	GrantTypesSupported               []string `json:"grant_types_supported,omitempty"`
	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported,omitempty"`
	ResponseTypesSupported            []string `json:"response_types_supported,omitempty"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	SourceURL                         string   `json:"source_url,omitempty"`
}

func DiscoverProvider

func DiscoverProvider(ctx context.Context, issuer string) (ProviderMetadata, error)

type ProviderProfile

type ProviderProfile struct {
	Name      string           `json:"name"`
	Issuer    string           `json:"issuer"`
	ClientID  string           `json:"client_id"`
	Scopes    []string         `json:"scopes,omitempty"`
	Metadata  ProviderMetadata `json:"metadata"`
	CreatedAt time.Time        `json:"created_at"`
	UpdatedAt time.Time        `json:"updated_at"`
}

func ListProviderProfiles

func ListProviderProfiles(configHome string) ([]ProviderProfile, error)

func LoadProviderProfile

func LoadProviderProfile(configHome, name string) (ProviderProfile, error)

func ResolveProviderProfile

func ResolveProviderProfile(configHome, name string) (ProviderProfile, error)

func SaveProviderProfile

func SaveProviderProfile(ctx context.Context, configHome, name, issuer, clientID string, scopes []string) (ProviderProfile, error)

type Status

type Status struct {
	Kind              string           `json:"kind,omitempty"`
	Action            string           `json:"action,omitempty"`
	Status            string           `json:"status,omitempty"`
	ProfileName       string           `json:"profile_name,omitempty"`
	ProfileConfigured bool             `json:"profile_configured"`
	Profile           *ProviderProfile `json:"profile,omitempty"`
	TokenPresent      bool             `json:"token_present"`
	Token             *TokenView       `json:"token,omitempty"`
	Expired           bool             `json:"expired"`
	CanRefresh        bool             `json:"can_refresh"`
	Ready             bool             `json:"ready"`
	Issue             string           `json:"issue,omitempty"`
}

Status describes whether a saved OAuth provider profile and token are usable.

func InspectStatus

func InspectStatus(configHome string, profileName string, now time.Time) Status

InspectStatus loads the configured OAuth profile and token without mutating local state.

type Token

type Token struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	TokenType    string    `json:"token_type,omitempty"`
	ExpiresAt    time.Time `json:"expires_at,omitempty"`
	CreatedAt    time.Time `json:"created_at"`
}

func ExchangeAuthorizationCode

func ExchangeAuthorizationCode(ctx context.Context, metadata ProviderMetadata, clientID, code, codeVerifier, redirectURI string) (Token, error)

func LoadToken

func LoadToken(configHome string) (Token, error)

func PollDeviceToken

func PollDeviceToken(ctx context.Context, metadata ProviderMetadata, deviceCode string, options DevicePollOptions) (Token, error)

func RefreshStoredToken

func RefreshStoredToken(ctx context.Context, configHome string, profileName string) (Token, error)

func RefreshToken

func RefreshToken(ctx context.Context, metadata ProviderMetadata, clientID string, refreshToken string) (Token, error)

func SaveToken

func SaveToken(configHome string, token Token) (Token, error)

func (Token) Expired

func (t Token) Expired(now time.Time) bool

func (Token) View

func (t Token) View(now time.Time) TokenView

type TokenView

type TokenView struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	TokenType    string    `json:"token_type,omitempty"`
	ExpiresAt    time.Time `json:"expires_at,omitempty"`
	CreatedAt    time.Time `json:"created_at"`
	Expired      bool      `json:"expired"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL