Documentation ¶
Index ¶
- type AuthResult
- type Handler
- func (h *Handler) Authorize(ctx context.Context, req *http.Request, resp *http.Response) error
- func (h *Handler) ClearToken() error
- func (h *Handler) Close()
- func (h *Handler) HasToken() bool
- func (h *Handler) TokenSource(ctx context.Context) (oauth2.TokenSource, error)
- func (h *Handler) ToolName() string
- type HandlerConfig
- type PendingAuth
- type PendingManager
- func (pm *PendingManager) Cancel(id string)
- func (pm *PendingManager) Cleanup()
- func (pm *PendingManager) CompleteByState(state, code string) error
- func (pm *PendingManager) Create(toolName string) *PendingAuth
- func (pm *PendingManager) Get(id string) *PendingAuth
- func (pm *PendingManager) GetByToolName(toolName string) *PendingAuth
- func (pm *PendingManager) List() []*PendingAuth
- func (pm *PendingManager) SetAuthURL(id, authURL string) error
- func (pm *PendingManager) StartCleanup(ctx context.Context, interval time.Duration)
- func (pm *PendingManager) WaitForCompletion(ctx context.Context, id string) (code, state string, err error)
- type StoredToken
- type TokenStore
- type TokenSummary
Types ¶
type AuthResult ¶
AuthResult is the result sent back from the OAuth callback.
type Handler ¶ added in v0.22.1
type Handler struct {
	*auth.AuthorizationCodeHandler
	// contains filtered or unexported fields
}
Handler wraps auth.AuthorizationCodeHandler to add token persistence and pending authorization bridging for the web UI.
It embeds *auth.AuthorizationCodeHandler to satisfy the unexported isOAuthHandler() method required by the auth.OAuthHandler interface.
func NewHandler ¶ added in v0.22.1
func NewHandler(cfg HandlerConfig) (*Handler, error)
NewHandler creates an OAuth handler for a remote MCP tool. If a stored token exists, it initializes cachedTS for immediate use.
func (*Handler) Authorize ¶ added in v0.22.1
Authorize delegates to the inner handler, then persists the resulting token.
func (*Handler) ClearToken ¶ added in v0.22.1
ClearToken removes the cached token and stored token.
func (*Handler) Close ¶ added in v0.22.1
func (h *Handler) Close()
Close cancels any background token refresh operations.
func (*Handler) HasToken ¶ added in v0.22.1
HasToken returns whether this handler has a cached token.
func (*Handler) TokenSource ¶ added in v0.22.1
TokenSource returns a cached token source if available, otherwise nil. When nil is returned, the transport will send a request without auth, receive a 401, and call Authorize().
type HandlerConfig ¶ added in v0.22.1
type HandlerConfig struct {
	ToolName     string
	CallbackURL  string // e.g. "https://denkeeper.example.com/api/v1/tools/oauth/callback"
	ClientID     string // pre-registered (optional)
	ClientSecret string // pre-registered (optional)
	Scopes       []string
	HTTPClient   *http.Client // SSRF-safe client
	Store        *TokenStore
	Pending      *PendingManager
	Logger       *slog.Logger
}
HandlerConfig configures the OAuth handler for a remote MCP tool.
type PendingAuth ¶
type PendingAuth struct {
	ID        string    `json:"id"`
	ToolName  string    `json:"tool_name"`
	AuthURL   string    `json:"auth_url,omitempty"`
	CreatedAt time.Time `json:"created_at"`
	// contains filtered or unexported fields
}
PendingAuth represents an in-progress OAuth authorization flow.
type PendingManager ¶
type PendingManager struct {
	// contains filtered or unexported fields
}
PendingManager tracks active OAuth authorization requests. The lifecycle:
- The AuthorizationCodeFetcher callback creates a pending auth via Create().
- It sets the auth URL via SetAuthURL() after the SDK generates it.
- It blocks on WaitForCompletion() until the callback resolves.
- The API callback handler calls CompleteByState() with the state and code.
- WaitForCompletion() returns the result to the fetcher.
func NewPendingManager ¶
func NewPendingManager(logger *slog.Logger) *PendingManager
NewPendingManager creates a PendingManager.
func (*PendingManager) Cancel ¶
func (pm *PendingManager) Cancel(id string)
Cancel cancels a pending auth with an error.
func (*PendingManager) Cleanup ¶
func (pm *PendingManager) Cleanup()
Cleanup removes expired pending auths. Call periodically or on demand.
func (*PendingManager) CompleteByState ¶
func (pm *PendingManager) CompleteByState(state, code string) error
CompleteByState resolves a pending auth by the OAuth state parameter. This is called by the callback endpoint which receives state from the provider.
func (*PendingManager) Create ¶
func (pm *PendingManager) Create(toolName string) *PendingAuth
Create registers a new pending authorization for the given tool. If there's already a pending auth for this tool, it is cancelled first.
func (*PendingManager) Get ¶
func (pm *PendingManager) Get(id string) *PendingAuth
Get returns a pending auth by ID, or nil if not found.
func (*PendingManager) GetByToolName ¶
func (pm *PendingManager) GetByToolName(toolName string) *PendingAuth
GetByToolName returns the pending auth for a tool, or nil if none exists.
func (*PendingManager) List ¶
func (pm *PendingManager) List() []*PendingAuth
List returns all active pending authorizations. Safe for JSON serialization.
func (*PendingManager) SetAuthURL ¶
func (pm *PendingManager) SetAuthURL(id, authURL string) error
SetAuthURL sets the authorization URL and registers the state→ID mapping. The state parameter is extracted from the auth URL's query string.
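A simplified model of the state handling described for SetAuthURL and CompleteByState, and of the lifecycle listed under PendingManager, as an added example (not the package's own code). The flows type, its methods, the single-use deletion of the state and the constructed URL are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"sync"
)

// flows is a hypothetical stand-in for PendingManager: state -> code channel.
type flows struct {
	mu      sync.Mutex
	byState map[string]chan string
}

// setAuthURL registers the state found in the auth URL's query string.
func (f *flows) setAuthURL(authURL string) (<-chan string, error) {
	u, err := url.Parse(authURL)
	if err != nil || u.Query().Get("state") == "" {
		return nil, errors.New("auth URL has no usable state parameter")
	}
	ch := make(chan string, 1) // buffered so the callback never blocks
	f.mu.Lock()
	defer f.mu.Unlock()
	f.byState[u.Query().Get("state")] = ch
	return ch, nil
}

// completeByState delivers the code once; unknown or replayed state fails.
func (f *flows) completeByState(state, code string) error {
	f.mu.Lock()
	ch, ok := f.byState[state]
	delete(f.byState, state) // single use (assumption, not stated on the page)
	f.mu.Unlock()
	if !ok {
		return fmt.Errorf("no pending auth for state %q", state)
	}
	ch <- code
	return nil
}

func main() {
	f := &flows{byState: map[string]chan string{}}
	// Constructed URL: host, client_id and state are placeholders.
	ch, _ := f.setAuthURL("https://idp.example.com/authorize?client_id=demo&state=st-123")
	fmt.Println(f.completeByState("forged", "c0")) // rejected, flow stays pending
	fmt.Println(f.completeByState("st-123", "c1"), <-ch)
	fmt.Println(f.completeByState("st-123", "c2")) // replay rejected
}
```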
func (*PendingManager) StartCleanup ¶
func (pm *PendingManager) StartCleanup(ctx context.Context, interval time.Duration)
StartCleanup runs periodic cleanup of expired pending auths. It blocks until the context is cancelled; call from a goroutine.
func (*PendingManager) WaitForCompletion ¶
func (pm *PendingManager) WaitForCompletion(ctx context.Context, id string) (code, state string, err error)
WaitForCompletion blocks until the pending auth is resolved or the context is cancelled. Returns the authorization code and state on success.
type StoredToken ¶
type StoredToken struct {
	ToolName     string
	AccessToken  string
	RefreshToken string
	TokenType    string
	Expiry       *time.Time
	Scopes       []string
	// OAuth2 config for token refresh.
	ClientID     string
	ClientSecret string
	TokenURL     string
	AuthStyle    oauth2.AuthStyle
	ResourceURL  string
}
StoredToken holds everything needed to reconstruct an oauth2.TokenSource without re-authorizing. Sensitive fields are encrypted at rest.
func (*StoredToken) Summary ¶
func (st *StoredToken) Summary() TokenSummary
Summary returns a non-sensitive summary of the token. NeedsReauth is only set when the token has expired AND has no refresh token. Non-expiring tokens (Expiry == nil, e.g. Todoist) never trigger NeedsReauth. Tokens with a refresh token are assumed refreshable even if expired.
func (*StoredToken) ToOAuth2Config ¶
func (st *StoredToken) ToOAuth2Config() *oauth2.Config
ToOAuth2Config reconstructs the oauth2.Config for token refresh.
func (*StoredToken) ToOAuth2Token ¶
func (st *StoredToken) ToOAuth2Token() *oauth2.Token
ToOAuth2Token converts to an oauth2.Token.
type TokenStore ¶
type TokenStore struct {
	// contains filtered or unexported fields
}
TokenStore provides encrypted token persistence in SQLite.
func NewTokenStore ¶
func NewTokenStore(db *sqlx.DB, hexKey string) (*TokenStore, error)
NewTokenStore creates a TokenStore using the provided database and hex-encoded AES-256 key (at least 32 bytes). The schema is applied automatically.
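How a hex-encoded AES-256 key can protect a token field at rest, as an added example rather than the package's implementation. It assumes AES-256-GCM, a key of exactly 32 bytes and the tool name as associated data; the page states none of these, and newAEAD, seal and open are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// newAEAD decodes the hex key and builds AES-256-GCM (mode is an assumption).
func newAEAD(hexKey string) (cipher.AEAD, error) {
	key, err := hex.DecodeString(hexKey)
	if err != nil || len(key) != 32 {
		return nil, errors.New("key must be 64 hex characters (32 bytes)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts one field under a fresh nonce; toolName is associated data.
func seal(a cipher.AEAD, toolName, plaintext string) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, []byte(plaintext), []byte(toolName)), nil
}

// open reverses seal; a modified blob or a different toolName fails.
func open(a cipher.AEAD, toolName string, blob []byte) (string, error) {
	n := a.NonceSize()
	if len(blob) < n {
		return "", fmt.Errorf("ciphertext shorter than %d-byte nonce", n)
	}
	pt, err := a.Open(nil, blob[:n], blob[n:], []byte(toolName))
	return string(pt), err
}

func main() {
	// Constructed demo key and token value; never hard-code a real key.
	a, _ := newAEAD("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
	blob, _ := seal(a, "todoist", "constructed-access-token")
	_, err := open(a, "other-tool", blob) // ciphertext copied to another row
	fmt.Println(err)
}
```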
func (*TokenStore) Delete ¶
func (s *TokenStore) Delete(toolName string) error
Delete removes a stored token for the given tool.
func (*TokenStore) Get ¶
func (s *TokenStore) Get(toolName string) (*StoredToken, error)
Get retrieves a stored token for the given tool. Returns nil if not found.
func (*TokenStore) List ¶
func (s *TokenStore) List() ([]TokenSummary, error)
List returns a summary of all stored tokens.
func (*TokenStore) Put ¶
func (s *TokenStore) Put(st *StoredToken) error
Put stores or updates a token for the given tool.