auth

package
v0.30.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 24, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// OAuth2ProviderName is a string representation of the OAuth2 provider name.
	OAuth2ProviderName = "oauth2"
)
View Source 
const (
	// OIDCProviderName is a string representation of the OIDC provider name.
	OIDCProviderName = "oidc"
)

Variables

This section is empty.

Functions

func DefaultStateGenerator added in v0.30.4 

func DefaultStateGenerator() string

DefaultStateGenerator generates a secure random OAuth state parameter for CSRF protection.

Types

type Credentials 

type Credentials struct {
	AccessToken  string    `json:"access_token" yaml:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty" yaml:"refresh_token,omitempty"`
	TokenType    string    `json:"token_type" yaml:"token_type"`
	ExpiresAt    time.Time `json:"expires_at" yaml:"expires_at"`
}

Credentials stores authentication tokens and metadata

func (*Credentials) IsExpired 

func (c *Credentials) IsExpired() bool

IsExpired checks if the access token has expired

type CredentialsStore added in v0.30.4 

type CredentialsStore interface {
	Load() (*Credentials, error)
	Save(*Credentials) error
}

CredentialsStore interface for storing/loading credentials

type Flow 

type Flow struct {
	SkipBrowser bool // Skip browser opening for tests
	// contains filtered or unexported fields
}

Flow manages the OAuth2/OIDC authorization flow. Uses channels and goroutines to handle async browser-based OAuth callbacks while maintaining a timeout. This pattern is necessary because we need to serve HTTP callbacks while the main thread waits for authentication to complete.

func NewFlow 

func NewFlow(clientID string, callbackPort int, httpClient http.HTTPDoer, opts ...FlowOption) *Flow

NewFlow creates a new OAuth flow with PKCE. The flow is designed to be reusable across different service contexts.

func (*Flow) GetAuthURL added in v0.30.4 

func (f *Flow) GetAuthURL() string

GetAuthURL returns the authorization URL for manual browser opening

func (*Flow) SendAuthRequest added in v0.30.4 

func (f *Flow) SendAuthRequest() error

SendAuthRequest opens browser with auth URL

func (*Flow) StartCallbackServer added in v0.30.4 

func (f *Flow) StartCallbackServer() error

StartCallbackServer starts the OAuth callback server

func (*Flow) WaitForCallback added in v0.30.4 

func (f *Flow) WaitForCallback(ctx context.Context) (*Credentials, error)

WaitForCallback waits for OAuth callback and returns credentials

type FlowOption added in v0.30.4 

type FlowOption func(f *Flow)

FlowOption is used to configure the flow object.

func WithProvider added in v0.30.4 

func WithProvider(provider *OIDCProvider) FlowOption

WithProvider sets a specific OIDC provider for the flow

func WithStateGenerator added in v0.30.4 

func WithStateGenerator(g StateGenerator) FlowOption

WithStateGenerator is an option used to override the state generation for authentication.

type OAuth2ClientCredentialsProvider added in v0.30.4 

type OAuth2ClientCredentialsProvider struct {
	TokenEndpoint string
	ClientID      string
	ClientSecret  string
	// contains filtered or unexported fields
}

OAuth2ClientCredentialsProvider represents an OAuth2 client credentials provider

func NewOAuth2Provider added in v0.30.4 

func NewOAuth2Provider(ctx context.Context, clientID, clientSecret string, httpClient http.HTTPDoer, store CredentialsStore) (*OAuth2ClientCredentialsProvider, error)

NewOAuth2Provider creates an OAuth2 provider that implements the Provider interface

func (*OAuth2ClientCredentialsProvider) AuthEndpointHandler added in v0.30.4 

func (p *OAuth2ClientCredentialsProvider) AuthEndpointHandler() func(clientID, redirectURI, state, codeChallenge string) string

AuthEndpointHandler implements Provider interface for OAuth2 (not supported)

func (*OAuth2ClientCredentialsProvider) Do added in v0.30.4 

func (p *OAuth2ClientCredentialsProvider) Do(req *stdhttp.Request) (*stdhttp.Response, error)

Do implements http.HTTPDoer interface with OAuth2 authentication

func (*OAuth2ClientCredentialsProvider) GetTokenEndpoint added in v0.30.4 

func (p *OAuth2ClientCredentialsProvider) GetTokenEndpoint() string

GetTokenEndpoint implements Provider interface for OAuth2

func (*OAuth2ClientCredentialsProvider) Load added in v0.30.4 

func (p *OAuth2ClientCredentialsProvider) Load() (*Credentials, error)

Load implements CredentialsStore interface

func (*OAuth2ClientCredentialsProvider) RefreshToken added in v0.30.4 

func (p *OAuth2ClientCredentialsProvider) RefreshToken(ctx context.Context, refreshToken string, httpDoer http.HTTPDoer) (*TokenResponse, error)

RefreshToken implements Provider interface for OAuth2 client credentials

func (*OAuth2ClientCredentialsProvider) Save added in v0.30.4 

func (p *OAuth2ClientCredentialsProvider) Save(creds *Credentials) error

Save implements CredentialsStore interface

type OIDCProvider added in v0.30.4 

type OIDCProvider struct {
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	UserinfoEndpoint      string `json:"userinfo_endpoint,omitempty"`
	JwksURI               string `json:"jwks_uri,omitempty"`
	ClientID              string `json:"client_id,omitempty"`
	// contains filtered or unexported fields
}

OIDCProvider represents an OIDC provider configuration

func DiscoverProvider 

func DiscoverProvider(ctx context.Context, issuerURL string, client http.HTTPDoer) (*OIDCProvider, error)

DiscoverProvider fetches OIDC provider configuration from well-known endpoint

func NewOIDCProvider added in v0.30.4 

func NewOIDCProvider(httpClient http.HTTPDoer, store CredentialsStore) *OIDCProvider

NewOIDCProvider creates a new OIDC provider that implements the Provider interface

func (*OIDCProvider) AuthEndpointHandler added in v0.30.4 

func (p *OIDCProvider) AuthEndpointHandler() func(clientID, redirectURI, state, codeChallenge string) string

AuthEndpointHandler implements Provider interface for OIDC

func (*OIDCProvider) Do added in v0.30.4 

func (p *OIDCProvider) Do(req *stdhttp.Request) (*stdhttp.Response, error)

Do implements http.HTTPDoer interface with OIDC authentication

func (*OIDCProvider) GetTokenEndpoint added in v0.30.4 

func (p *OIDCProvider) GetTokenEndpoint() string

TokenEndpoint implements Provider interface for OIDC

func (*OIDCProvider) Load added in v0.30.4 

func (p *OIDCProvider) Load() (*Credentials, error)

Load implements CredentialsStore interface

func (*OIDCProvider) RefreshToken added in v0.30.4 

func (p *OIDCProvider) RefreshToken(ctx context.Context, refreshToken string, httpDoer http.HTTPDoer) (*TokenResponse, error)

RefreshToken implements Provider interface for OIDC

func (*OIDCProvider) Save added in v0.30.4 

func (p *OIDCProvider) Save(creds *Credentials) error

Save implements CredentialsStore interface

func (*OIDCProvider) SetCredentialsStore added in v0.30.4 

func (p *OIDCProvider) SetCredentialsStore(store CredentialsStore)

SetCredentialsStore sets the credentials store for the provider

type Provider 

type Provider interface {
	http.HTTPDoer
	CredentialsStore
}

Provider combines HTTP client functionality with credential storage for authenticated requests

type StateGenerator added in v0.30.4 

type StateGenerator func() string

StateGenerator is a function that generates the OAuth state parameter for CSRF protection.

type TokenResponse 

type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	RefreshToken string `json:"refresh_token,omitempty"`
	IDToken      string `json:"id_token,omitempty"`
}

TokenResponse represents an OAuth2 token response

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.