oauth

package
v0.16.3 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 6, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthResult

type AuthResult struct {
	Code  string
	State string
	Err   error
}

AuthResult is the result sent back from the OAuth callback.

type PendingAuth

type PendingAuth struct {
	ID        string    `json:"id"`
	ToolName  string    `json:"tool_name"`
	AuthURL   string    `json:"auth_url,omitempty"`
	CreatedAt time.Time `json:"created_at"`
	// contains filtered or unexported fields
}

PendingAuth represents an in-progress OAuth authorization flow.

type PendingManager

type PendingManager struct {
	// contains filtered or unexported fields
}

PendingManager tracks active OAuth authorization requests. The lifecycle:

  1. The AuthorizationCodeFetcher callback creates a pending auth via Create().
  2. It sets the auth URL via SetAuthURL() after the SDK generates it.
  3. It blocks on WaitForCompletion() until the callback resolves.
  4. The API callback handler calls Complete() with the code+state.
  5. WaitForCompletion() returns the result to the fetcher.

func NewPendingManager

func NewPendingManager(logger *slog.Logger) *PendingManager

NewPendingManager creates a PendingManager.

func (*PendingManager) Cancel

func (pm *PendingManager) Cancel(id string)

Cancel cancels a pending auth with an error.

func (*PendingManager) Cleanup

func (pm *PendingManager) Cleanup()

Cleanup removes expired pending auths. Call periodically or on demand.

func (*PendingManager) CompleteByState

func (pm *PendingManager) CompleteByState(state, code string) error

CompleteByState resolves a pending auth by the OAuth state parameter. This is called by the callback endpoint which receives state from the provider.

func (*PendingManager) Create

func (pm *PendingManager) Create(toolName string) *PendingAuth

Create registers a new pending authorization for the given tool. If there's already a pending auth for this tool, it is cancelled first.

func (*PendingManager) Get

func (pm *PendingManager) Get(id string) *PendingAuth

Get returns a pending auth by ID, or nil if not found.

func (*PendingManager) GetByToolName

func (pm *PendingManager) GetByToolName(toolName string) *PendingAuth

GetByToolName returns the pending auth for a tool, or nil if none exists.

func (*PendingManager) List

func (pm *PendingManager) List() []*PendingAuth

List returns all active pending authorizations. Safe for JSON serialization.

func (*PendingManager) SetAuthURL

func (pm *PendingManager) SetAuthURL(id, authURL string) error

SetAuthURL sets the authorization URL and registers the state→ID mapping. The state parameter is extracted from the auth URL's query string.

func (*PendingManager) StartCleanup

func (pm *PendingManager) StartCleanup(ctx context.Context, interval time.Duration)

StartCleanup runs periodic cleanup of expired pending auths. It blocks until the context is cancelled; call from a goroutine.

func (*PendingManager) WaitForCompletion

func (pm *PendingManager) WaitForCompletion(ctx context.Context, id string) (code, state string, err error)

WaitForCompletion blocks until the pending auth is resolved or the context is cancelled. Returns the authorization code and state on success.
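The lifecycle listed under PendingManager and the state→ID mapping described for SetAuthURL and CompleteByState, as an added sketch that is not this package's code: it shows why the callback can only resolve a flow whose state was registered, and only once. The names flowTable, register, completeByState and wait, and the idp.example URL, are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net/url"
	"sync"
)

type flowTable struct{ byState sync.Map } // hypothetical stand-in for PendingManager; maps OAuth state -> chan string

// register binds the state found in the auth URL's query string to a waiter.
func (f *flowTable) register(authURL string) (<-chan string, error) {
	u, err := url.Parse(authURL)
	if err != nil || u.Query().Get("state") == "" {
		return nil, fmt.Errorf("no state parameter in auth URL (parse error: %v)", err)
	}
	ch := make(chan string, 1) // buffered: the callback never blocks on a waiter that gave up
	f.byState.Store(u.Query().Get("state"), ch)
	return ch, nil
}

// completeByState hands the code to the flow bound to state, exactly once.
func (f *flowTable) completeByState(state, code string) error {
	v, ok := f.byState.LoadAndDelete(state) // atomic lookup and removal
	if !ok {
		return fmt.Errorf("unknown or already used state %q", state)
	}
	v.(chan string) <- code
	return nil
}

// wait blocks until the callback resolves the flow or ctx is cancelled.
func wait(ctx context.Context, ch <-chan string) (string, error) {
	select {
	case code := <-ch:
		return code, nil
	case <-ctx.Done():
		return "", ctx.Err()
	}
}

func main() {
	f := &flowTable{}
	ch, _ := f.register("https://idp.example/authorize?client_id=demo&state=s-123") // constructed URL
	fmt.Println(f.completeByState("forged", "x"))       // no flow is bound to this state
	fmt.Println(f.completeByState("s-123", "code-abc")) // state matches the registered flow
	fmt.Println(wait(context.Background(), ch))         // the waiter receives the code
	fmt.Println(f.completeByState("s-123", "replay"))   // state was consumed by the first callback
}
```

In this sketch a flow abandoned through context cancellation stays in the map; the documented Cleanup() and StartCleanup() remove expired pending auths.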

type StoredToken

type StoredToken struct {
	ToolName     string
	AccessToken  string
	RefreshToken string
	TokenType    string
	Expiry       *time.Time
	Scopes       []string

	// OAuth2 config for token refresh.
	ClientID     string
	ClientSecret string
	TokenURL     string
	AuthStyle    oauth2.AuthStyle
	ResourceURL  string
}

StoredToken holds everything needed to reconstruct an oauth2.TokenSource without re-authorizing. Sensitive fields are encrypted at rest.

func (*StoredToken) Summary

func (st *StoredToken) Summary() TokenSummary

Summary returns a non-sensitive summary of the token. NeedsReauth is only set when the token has expired AND has no refresh token. Non-expiring tokens (Expiry == nil, e.g. Todoist) never trigger NeedsReauth. Tokens with a refresh token are assumed refreshable even if expired.

func (*StoredToken) ToOAuth2Config

func (st *StoredToken) ToOAuth2Config() *oauth2.Config

ToOAuth2Config reconstructs the oauth2.Config for token refresh.

func (*StoredToken) ToOAuth2Token

func (st *StoredToken) ToOAuth2Token() *oauth2.Token

ToOAuth2Token converts to an oauth2.Token.

type TokenStore

type TokenStore struct {
	// contains filtered or unexported fields
}

TokenStore provides encrypted token persistence in SQLite.

func NewTokenStore

func NewTokenStore(db *sqlx.DB, hexKey string) (*TokenStore, error)

NewTokenStore creates a TokenStore using the provided database and hex-encoded AES-256 key (at least 32 bytes). The schema is applied automatically.

func (*TokenStore) Delete

func (s *TokenStore) Delete(toolName string) error

Delete removes a stored token for the given tool.

func (*TokenStore) Get

func (s *TokenStore) Get(toolName string) (*StoredToken, error)

Get retrieves a stored token for the given tool. Returns nil if not found.

func (*TokenStore) List

func (s *TokenStore) List() ([]TokenSummary, error)

List returns a summary of all stored tokens.

func (*TokenStore) Put

func (s *TokenStore) Put(st *StoredToken) error

Put stores or updates a token for the given tool.

type TokenSummary

type TokenSummary struct {
	HasToken    bool       `json:"has_token"`
	ExpiresAt   *time.Time `json:"expires_at,omitempty"`
	Scopes      []string   `json:"scopes,omitempty"`
	NeedsReauth bool       `json:"needs_reauth"`
}

TokenSummary is a non-sensitive view of a stored token for API responses.
