Documentation
¶
Overview ¶
Package auth provides OAuth 2.1 authentication for Basecamp.
Index ¶
- type ClientCredentials
- type Credentials
- type LoginOptions
- type LoginResult
- type Manager
- func (m *Manager) AccessToken(ctx context.Context) (string, error)
- func (m *Manager) CredentialKey() string
- func (m *Manager) GetOAuthType() string
- func (m *Manager) GetStore() *Store
- func (m *Manager) GetUserEmail() string
- func (m *Manager) IsAuthenticated() bool
- func (m *Manager) Login(ctx context.Context, opts LoginOptions) (*LoginResult, error)
- func (m *Manager) Logout() error
- func (m *Manager) Refresh(ctx context.Context) error
- func (m *Manager) SetStore(s *Store)
- func (m *Manager) SetUserEmail(email string) error
- func (m *Manager) SetUserIdentity(userID, email string) error
- func (m *Manager) StoredAccessToken(ctx context.Context) (string, error)
- type Store
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ClientCredentials ¶
type ClientCredentials struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret,omitempty"`
}
ClientCredentials holds OAuth client ID and secret.
type Credentials ¶
type Credentials struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
ExpiresAt int64 `json:"expires_at"`
Scope string `json:"scope"`
OAuthType string `json:"oauth_type"` // "bc3" or "launchpad"
TokenEndpoint string `json:"token_endpoint"`
UserID string `json:"user_id,omitempty"`
UserEmail string `json:"user_email,omitempty"`
}
Credentials holds OAuth tokens and metadata.
type LoginOptions ¶
type LoginOptions struct {
Scope string
NoBrowser bool // If true, don't auto-open browser, just print URL
// Remote forces remote/headless mode: skip the loopback listener and
// prompt the user to paste the callback URL. Auto-detected when SSH
// env vars are present (unless Local is set).
Remote bool
// Local forces local mode, overriding SSH auto-detection.
// Mutually exclusive with Remote.
Local bool
// InputReader is the source for pasted callback URLs in remote mode.
// If nil, os.Stdin is used.
InputReader io.Reader
// RedirectURI overrides the OAuth redirect URI.
// Takes precedence over BASECAMP_OAUTH_REDIRECT_URI and CallbackAddr.
RedirectURI string
// CallbackAddr is the address for the local OAuth callback server.
// Default: "127.0.0.1:8976"
CallbackAddr string
// BrowserLauncher opens the authorization URL in a browser.
// If nil, uses the default system browser launcher.
BrowserLauncher func(url string) error
// Logger receives status messages during the login flow.
// If nil, messages are suppressed for headless/SDK use.
Logger func(msg string)
}
LoginOptions configures the login flow.
type LoginResult ¶ added in v0.4.0
type LoginResult struct {
OAuthType string // "bc3" or "launchpad"
Scope string // effective scope: "read"/"full" for BC3, "" for Launchpad
}
LoginResult holds the outcome of a successful Login(). Callers use this to determine the effective scope instead of their input.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager handles OAuth authentication.
func NewManager ¶
NewManager creates a new auth manager.
func (*Manager) AccessToken ¶
AccessToken returns a valid access token, refreshing if needed. If BASECAMP_TOKEN env var is set, it's used directly without OAuth.
func (*Manager) CredentialKey ¶
CredentialKey returns the current credential storage key. This is exported for use in commands that need to display or lookup credentials.
func (*Manager) GetOAuthType ¶
GetOAuthType returns the OAuth type for the current credential key ("bc3" or "launchpad").
func (*Manager) GetUserEmail ¶ added in v0.3.0
GetUserEmail returns the stored user email for the current credential key.
func (*Manager) IsAuthenticated ¶
IsAuthenticated checks if there are valid credentials. Returns true if BASECAMP_TOKEN env var is set or if OAuth credentials exist.
func (*Manager) Login ¶
func (m *Manager) Login(ctx context.Context, opts LoginOptions) (*LoginResult, error)
Login initiates the OAuth login flow.
func (*Manager) SetStore ¶ added in v0.3.0
SetStore replaces the credential store. Used in tests to inject a file-backed store rooted in a temp directory.
func (*Manager) SetUserEmail ¶ added in v0.3.0
SetUserEmail stores the user email for the current credential key without modifying the stored user ID.
func (*Manager) SetUserIdentity ¶ added in v0.3.0
SetUserIdentity stores the user ID and email for the current credential key.
func (*Manager) StoredAccessToken ¶
StoredAccessToken returns a valid access token from the credential store, refreshing if needed. Unlike AccessToken, this ignores the BASECAMP_TOKEN environment variable and always uses stored OAuth credentials.
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
Store wraps credstore.Store with typed Credentials marshaling.
func (*Store) Load ¶
func (s *Store) Load(origin string) (*Credentials, error)
Load retrieves credentials for the given origin.
func (*Store) MigrateToKeyring ¶
MigrateToKeyring migrates credentials from file to keyring.
func (*Store) Save ¶
func (s *Store) Save(origin string, creds *Credentials) error
Save stores credentials for the given origin.
func (*Store) UsingKeyring ¶
UsingKeyring returns true if the store is using the system keyring.
Source Files