auth

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 8, 2026 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateState

func GenerateState() (string, error)

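GenerateState generates a random state parameter for CSRF protection. The protection depends on the state value returned in the callback being compared with the value generated here.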

Types

type CallbackHandler

// CallbackHandler is the local callback server used during login: it is
// created with NewCallbackHandler(port, templatesFS), started with StartServer,
// hands the authorization code to the caller through WaitForCode, and is shut
// down with Close.
// NOTE(review): the bind address is not visible in this listing — confirm the
// server listens on loopback only.
type CallbackHandler struct {
	// contains filtered or unexported fields
}

func NewCallbackHandler

func NewCallbackHandler(port int, templatesFS embed.FS) *CallbackHandler

func (*CallbackHandler) Close

func (h *CallbackHandler) Close() error

Close gracefully shuts down the callback server

func (*CallbackHandler) SetValidationStatus

func (h *CallbackHandler) SetValidationStatus(status, message string)

SetValidationStatus updates the validation status shown in the browser. It should be called from the CLI after the token exchange succeeds or fails.

func (*CallbackHandler) StartServer

func (h *CallbackHandler) StartServer() error

func (*CallbackHandler) WaitForCode

func (h *CallbackHandler) WaitForCode(timeout time.Duration) (string, error)

WaitForCode waits for the authorization code from the callback

type Client

// Client is built from a config.Config by NewClient. Its GetOIDCToken method
// returns a TokenResponse together with the CallbackHandler used for the flow.
type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(cfg *config.Config) *Client

func (*Client) GetOIDCToken

func (c *Client) GetOIDCToken() (*TokenResponse, *CallbackHandler, error)

type IAMClient

// IAMClient handles direct OTC IAM authentication using gophertelekomcloud.
// It is built from a config.Config by NewIAMClient and exposes GetIAMToken,
// GetScopedToken and RefreshIAMToken.
type IAMClient struct {
	// contains filtered or unexported fields
}

IAMClient handles direct OTC IAM authentication using gophertelekomcloud

func NewIAMClient

func NewIAMClient(cfg *config.Config) *IAMClient

NewIAMClient creates a new IAM authentication client

func (*IAMClient) GetIAMToken

func (ic *IAMClient) GetIAMToken(username, password string) (string, error)

GetIAMToken authenticates using OTC IAM user credentials (username/email and password). It returns the unscoped token ID, which can be used for further API calls.

func (*IAMClient) GetScopedToken

func (ic *IAMClient) GetScopedToken(unscopedToken string, projectID string) (string, error)

GetScopedToken gets a project-scoped token using an unscoped token

func (*IAMClient) RefreshIAMToken

func (ic *IAMClient) RefreshIAMToken(token string) (bool, error)

RefreshIAMToken checks whether a token is still valid. Despite its name, the signature returns only a validity flag and an error, not a new token.

type IAMTokenDomain

// IAMTokenDomain is the id/name pair decoded from the "domain" object of an
// IAM token body (see IAMTokenResponse.Token.Domain).
type IAMTokenDomain struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

type IAMTokenProject

// IAMTokenProject is the "project" object of an IAM token body (see
// IAMTokenResponse.Token.Project): the project's id and name plus the domain
// that owns it.
type IAMTokenProject struct {
	// Domain has the same id/name shape as IAMTokenDomain but is declared
	// inline as an anonymous struct.
	Domain struct {
		ID   string `json:"id"`
		Name string `json:"name"`
	} `json:"domain"`
	ID   string `json:"id"`
	Name string `json:"name"`
}

type IAMTokenResponse

// IAMTokenResponse represents the IAM token response structure: a single
// top-level "token" object describing the user, roles, scope and lifetime.
// No field here carries the token ID itself; GetIAMToken returns that value
// separately as a string.
type IAMTokenResponse struct {
	Token struct {
		Methods   []string        `json:"methods"`
		User      IAMTokenUser    `json:"user"`
		AuditIds  []string        `json:"audit_ids"`
		Roles     []IAMTokenRole  `json:"roles"`
		// ExpiresAt and IssuedAt are decoded into time.Time, so the token
		// lifetime can be checked locally from this body.
		ExpiresAt time.Time       `json:"expires_at"`
		IssuedAt  time.Time       `json:"issued_at"`
		// Project and Domain describe the token's scope.
		// NOTE(review): presumably Project is empty for an unscoped token — confirm.
		Project   IAMTokenProject `json:"project"`
		// Catalog is decoded without a schema ([]interface{}); callers must
		// type-assert its entries before use.
		Catalog   []interface{}   `json:"catalog"`
		Domain    IAMTokenDomain  `json:"domain"`
	} `json:"token"`
}

IAMTokenResponse represents the IAM token response structure

type IAMTokenRole

// IAMTokenRole is one entry of the "roles" list in an IAM token body (see
// IAMTokenResponse.Token.Roles): the role's id and name.
type IAMTokenRole struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

type IAMTokenUser

// IAMTokenUser is the "user" object of an IAM token body (see
// IAMTokenResponse.Token.User): the authenticated user's id and name plus the
// domain the user belongs to.
type IAMTokenUser struct {
	// Domain has the same id/name shape as IAMTokenDomain but is declared
	// inline as an anonymous struct.
	Domain struct {
		ID   string `json:"id"`
		Name string `json:"name"`
	} `json:"domain"`
	ID                string `json:"id"`
	Name              string `json:"name"`
	// PasswordExpiresAt is kept as a raw string, unlike the time.Time
	// timestamps in IAMTokenResponse.
	// NOTE(review): presumably because the API can send an empty value — confirm.
	PasswordExpiresAt string `json:"password_expires_at"`
}

type PKCEChallenge

// PKCEChallenge holds the values of one PKCE exchange, as returned by
// GeneratePKCE and GeneratePKCEWithMethod.
type PKCEChallenge struct {
	// Verifier is the value the challenge is derived from. It is the secret
	// half of the pair.
	// NOTE(review): keep it out of logs and URLs — confirm callers do.
	Verifier  string
	// Challenge is derived from Verifier according to Method: its SHA256 hash
	// for "S256", or the verifier itself for "plain".
	Challenge string
	// Method names the derivation used. The package documents "plain" as less
	// secure and for development only.
	Method    string // "S256" or "plain"
}

func GeneratePKCE

func GeneratePKCE() (*PKCEChallenge, error)

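GeneratePKCE generates a PKCE challenge, with support for both the S256 and plain methods. S256 (default): uses the SHA256 hash of the verifier. plain: uses the verifier directly as the challenge (less secure, only for development). With plain, the challenge sent in the authorization request is the verifier itself, so it gives no protection if that request is observed.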

func GeneratePKCEWithMethod

func GeneratePKCEWithMethod(method string) (*PKCEChallenge, error)

GeneratePKCEWithMethod generates a PKCE challenge with the specified method. method: "S256" (recommended, uses SHA256) or "plain" (development only, uses the verifier directly).

type TokenResponse

// TokenResponse is the JSON token response returned by Client.GetOIDCToken.
// AccessToken, IDToken and RefreshToken are credentials: avoid logging this
// struct or printing it with %v / %+v, and store it only where secrets belong.
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	IDToken      string `json:"id_token"`
	// RefreshToken is typically the longest-lived of the three values.
	// NOTE(review): confirm how and where callers persist it.
	RefreshToken string `json:"refresh_token"`
	TokenType    string `json:"token_type"`
	// ExpiresIn is the lifetime decoded from "expires_in".
	// NOTE(review): presumably seconds, as in a standard OAuth 2.0 token
	// response — confirm.
	ExpiresIn    int    `json:"expires_in"`
}
