auth

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 22, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultConfigDir

func DefaultConfigDir() (string, error)

DefaultConfigDir returns the config directory: $BASETEN_CONFIG_DIR > os.UserConfigDir()/baseten

func OAuthContext

func OAuthContext(ctx context.Context, base http.RoundTripper) context.Context

OAuthContext returns a context that carries an oauth2 HTTP client which stamps the Baseten User-Agent on every request, layered over base.

Types

type AuthFile

type AuthFile struct {
	Version int                  `json:"version"`
	Hosts   map[string]HostEntry `json:"hosts"`
}

AuthFile is the on-disk auth.json structure.

type AuthType

type AuthType string

AuthType identifies how a credential was obtained.

const (
	AuthTypeOAuth  AuthType = "oauth"
	AuthTypeAPIKey AuthType = "api_key"
)

type HostEntry

type HostEntry struct {
	ActiveUser string               `json:"active_user"`
	Users      map[string]UserEntry `json:"users"`
}

HostEntry holds all users for a single host.

type OAuthCredential

type OAuthCredential struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token"`
	Expiry       time.Time `json:"expiry,omitempty"`
}

OAuthCredential holds an OAuth access and refresh token pair, along with the access token's absolute expiry. Expiry is what golang.org/x/oauth2 uses to decide whether to refresh; persisting it lets refresh work across CLI invocations.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store manages reading and writing auth.json and keyring secrets.

func NewStore

func NewStore(opts StoreOptions) *Store

NewStore creates a Store from the given options.

func (*Store) ActiveUser

func (s *Store) ActiveUser(host string) (label string, entry UserEntry, ok bool)

ActiveUser returns the active user label and entry for a host.

func (*Store) GetAPIKey

func (s *Store) GetAPIKey(host, label string) (string, error)

GetAPIKey retrieves the API key for a user, trying the keyring first, then falling back to the auth.json plaintext field.

func (*Store) GetOAuthCredential

func (s *Store) GetOAuthCredential(host, label string) (*OAuthCredential, error)

GetOAuthCredential retrieves the OAuth credential for a user, trying the keyring first, then falling back to the auth.json plaintext field.

func (*Store) Load

func (s *Store) Load() (*AuthFile, error)

Load reads auth.json from disk. Returns an empty AuthFile if it does not exist.

func (*Store) RemoveUser

func (s *Store) RemoveUser(host, label string) error

RemoveUser removes a user from a host and deletes their keyring entry. If the removed user was active, active_user is cleared.

func (*Store) Save

func (s *Store) Save(af *AuthFile) error

Save writes auth.json to disk, creating the directory if needed.

func (*Store) SetAPIKeyUser

func (s *Store) SetAPIKeyUser(host, label, apiKey string, warnWriter func(string)) error

SetAPIKeyUser stores an API key credential for a user and sets them as active.

func (*Store) SetOAuthUser

func (s *Store) SetOAuthUser(host, label string, cred OAuthCredential, warnWriter func(string)) error

SetOAuthUser stores an OAuth credential for a user and sets them as active. Tries the keyring first; falls back to plaintext in auth.json with a warning written to warnWriter (if non-nil).

func (*Store) SwitchUser

func (s *Store) SwitchUser(host, label string) error

SwitchUser sets the active user for a host. Returns an error if the user does not exist.

type StoreOptions

type StoreOptions struct {
	// Dir is the directory where auth.json is stored.
	Dir string

	// InsecureStorage, when true, stores secrets in auth.json instead of
	// the system keyring.
	InsecureStorage bool
}

StoreOptions configures a Store.

type Transport

type Transport struct {
	Store *Store
	Host  string

	// OAuthConfig is the OAuth2 configuration used for token refresh.
	OAuthConfig *oauth2.Config

	// EnvAPIKey, if set, takes priority over all stored credentials.
	EnvAPIKey string

	Base http.RoundTripper
}

Transport is an HTTP client that injects the appropriate Authorization header based on the active credential. For OAuth credentials, it uses oauth2.TokenSource for transparent token refresh.

It implements the Do(*http.Request) (*http.Response, error) interface expected by the baseten-go SDK clients.

func (*Transport) Do

func (t *Transport) Do(req *http.Request) (*http.Response, error)

type UserEntry

type UserEntry struct {
	AuthType AuthType `json:"auth_type"`

	// InsecureOAuthCredential and InsecureAPIKey are only populated when
	// the keyring is unavailable or --insecure-storage was used.
	InsecureOAuthCredential *OAuthCredential `json:"oauth_credential,omitempty"`
	InsecureAPIKey          string           `json:"api_key,omitempty"`
}

UserEntry is a single stored credential in auth.json.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL