Documentation
¶
Index ¶
- Variables
- func BuildAuthURL(cfg *config.Config, codeChallenge, state string, scopes []string) string
- func GenerateCodeChallenge(verifier string) string
- func GenerateCodeVerifier() (string, error)
- func GenerateState() (string, error)
- func OverrideTokenURL(u string) func()
- func SaveToken(cfg *config.Config, token *Token) error
- func StartCallbackServer(port int, state string) (string, error)
- func StartCallbackServerAsync(port int, state string) (<-chan CallbackResult, error)
- func TokenPath(cfg *config.Config) string
- type CallbackResult
- type Token
- func ExchangeCode(ctx context.Context, cfg *config.Config, code, codeVerifier string) (*Token, error)
- func GetValidToken(cfg *config.Config) (*Token, error)
- func LoadToken(cfg *config.Config) (*Token, error)
- func RefreshAccessToken(ctx context.Context, cfg *config.Config, token *Token) (*Token, error)
Constants ¶
This section is empty.
Variables ¶
var AllScopes = []string{
"mfc/accounting/offices.read",
"mfc/accounting/accounts.read",
"mfc/accounting/departments.read",
"mfc/accounting/journal.read",
"mfc/accounting/report.read",
"mfc/accounting/taxes.read",
"mfc/accounting/trade_partners.read",
"mfc/accounting/connected_account.read",
"mfc/accounting/journal.write",
"mfc/accounting/voucher.write",
"mfc/accounting/trade_partners.write",
"mfc/accounting/transaction.write",
}
AllScopes contains all available scopes including write permissions.
var DefaultScopes = []string{
"mfc/accounting/offices.read",
"mfc/accounting/accounts.read",
"mfc/accounting/departments.read",
"mfc/accounting/journal.read",
"mfc/accounting/report.read",
"mfc/accounting/taxes.read",
"mfc/accounting/trade_partners.read",
"mfc/accounting/connected_account.read",
}
DefaultScopes contains read-only scopes for MoneyForward Accounting API.
Functions ¶
func BuildAuthURL ¶
BuildAuthURL constructs the OAuth 2.0 authorization URL with PKCE parameters.
func GenerateCodeChallenge ¶
GenerateCodeChallenge derives a PKCE code challenge from a verifier (SHA256 + base64url).
func GenerateCodeVerifier ¶
GenerateCodeVerifier generates a PKCE code verifier (32 random bytes, base64url encoded).
func GenerateState ¶
GenerateState generates a random state parameter (16 random bytes, hex encoded).
func OverrideTokenURL ¶
func OverrideTokenURL(u string) func()
OverrideTokenURL replaces the token endpoint and returns a restore function. Intended for use in tests from external packages.
func StartCallbackServer ¶
StartCallbackServer starts a local HTTP server that waits for the OAuth callback. It verifies the state parameter and returns the authorization code.
func StartCallbackServerAsync ¶
func StartCallbackServerAsync(port int, state string) (<-chan CallbackResult, error)
StartCallbackServerAsync starts the listener and returns a channel that delivers the result. The server is started before returning, so the caller can open the browser after this call.
Types ¶
type CallbackResult ¶
CallbackResult holds the result from the OAuth callback.
type Token ¶
type Token struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in,omitempty"`
Expiry time.Time `json:"expiry"`
Scopes []string `json:"scopes"`
}
Token represents an OAuth 2.0 token.
func ExchangeCode ¶
func ExchangeCode(ctx context.Context, cfg *config.Config, code, codeVerifier string) (*Token, error)
ExchangeCode exchanges an authorization code for an access token.
func GetValidToken ¶
GetValidToken loads a token, refreshes it if expired, and returns a valid token. It uses file locking to coordinate concurrent processes.
func RefreshAccessToken ¶
RefreshAccessToken exchanges a refresh token for a new access token.
func (*Token) IsExpired ¶
IsExpired reports whether the token has expired (with a 30-second buffer).
func (*Token) SetExpiryFromExpiresIn ¶
func (t *Token) SetExpiryFromExpiresIn()
SetExpiryFromExpiresIn computes the Expiry field from ExpiresIn (seconds).
Source Files