auth

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 11, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package auth manages token storage in the OS keyring and JWT utilities.

Index

Constants

This section is empty.

Variables

View Source
var ErrMalformedToken = errors.New("malformed token")

ErrMalformedToken is returned when the JWT cannot be decoded.

View Source
var ErrNoToken = errors.New("no token stored for context (run `finna login`)")

ErrNoToken is returned when no token is stored for the requested context.

Functions

func Delete

func Delete(contextName string) error

Delete removes the token for the named context. It is not an error if no token was stored.

func DeleteAll

func DeleteAll(contextNames []string) error

DeleteAll removes tokens for every context in the provided list. It continues past individual errors, collecting them all.

func Get

func Get(contextName string) (string, error)

Get retrieves the JWT for the named context from the OS keychain. Returns ErrNoToken if nothing is stored.

func Set

func Set(contextName, jwt string) error

Set stores jwt for the named context in the OS keychain.

func TokenProvider

func TokenProvider(contextName string) func() (string, error)

TokenProvider returns a TokenProvider function suitable for api.New that reads from the keyring. A missing token returns ("", nil) so unauthenticated callers get a clean 401 rather than a startup failure.

Types

type Claims

type Claims struct {
	Sub      string `json:"sub"`
	Username string `json:"username"`
	IsAdmin  bool   `json:"is_admin"`
	Provider string `json:"provider"` // "local" | "github" | "oidc"
	Issuer   string `json:"iss"`
	IssuedAt int64  `json:"iat"`
	Exp      int64  `json:"exp"`
	// Raw holds the full decoded payload for forward-compat display.
	Raw map[string]any
}

Claims is the decoded payload of a Finna JWT. We decode locally; no signature verification is needed since the server validates on every API call.

func DecodeJWT

func DecodeJWT(token string) (*Claims, error)

DecodeJWT decodes the payload section of a JWT without verifying the signature. This is intentionally read-only; the server is the authority.

func (*Claims) Expired

func (c *Claims) Expired() bool

Expired returns true when the token has already expired.

func (*Claims) ExpiresAt

func (c *Claims) ExpiresAt() time.Time

ExpiresAt returns the expiry as a time.Time (zero if not present).

func (*Claims) ExpiresSoon

func (c *Claims) ExpiresSoon(d time.Duration) bool

ExpiresSoon returns true when the token expires within d.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL