Documentation
¶
Overview ¶
Package oauth provides OAuth 2.0 PKCE authentication flow for CLI applications
Index ¶
Constants ¶
const (
DefaultHost = "buildkite.com"
)
Variables ¶
var AllScopes = []string{
"read_agents",
"read_artifacts",
"read_build_logs",
"read_builds",
"read_clusters",
"read_job_env",
"read_pipeline_templates",
"read_pipelines",
"read_rules",
"write_agents",
"write_artifacts",
"write_build_logs",
"write_builds",
"write_clusters",
"write_pipeline_templates",
"write_pipelines",
"write_rules",
"read_organizations",
"read_teams",
"read_user",
"write_teams",
"read_secrets_details",
"write_secrets",
"read_suites",
"read_test_plan",
"write_suites",
"write_test_plan",
"delete_packages",
"delete_registries",
"read_packages",
"read_registries",
"write_packages",
"write_registries",
"read_portals",
"write_portals",
}
AllScopes is the complete set of Buildkite API token scopes. When no --scopes flag is provided, the CLI requests all of these and Buildkite grants only the ones the user actually has permission for.
Reference: https://buildkite.com/docs/apis/managing-api-tokens
var DefaultClientID = "5214b230f06b48938ab5"
DefaultClientID is the OAuth client ID for the Buildkite CLI This can be overridden with ldflags
var ScopeGroups = map[string][]string{
"read_only": {
"read_agents",
"read_artifacts",
"read_build_logs",
"read_builds",
"read_clusters",
"read_job_env",
"read_organizations",
"read_packages",
"read_pipeline_templates",
"read_pipelines",
"read_portals",
"read_registries",
"read_rules",
"read_secrets_details",
"read_suites",
"read_teams",
"read_test_plan",
"read_user",
},
}
ScopeGroups defines named groups of scopes that can be used with --scopes. For example, --scopes "read_only" expands to all read_* scopes.
Functions ¶
func ResolveScopes ¶ added in v3.33.0
ResolveScopes expands scope group names (e.g., "read_only") into their individual scopes. Unknown tokens are passed through as literal scopes. Multiple groups and individual scopes can be mixed:
"read_only write_builds" → "read_agents read_artifacts ... write_builds"
Types ¶
type CallbackResult ¶
CallbackResult holds the result from the OAuth callback
type Config ¶
type Config struct {
Host string // e.g., "buildkite.com"
ClientID string // OAuth client ID
OrgSlug string // Organization slug (used for organization_uuid lookup)
OrgUUID string // Organization UUID
CallbackURL string // e.g., "http://127.0.0.1:8080/callback"
Scopes string // Space-separated OAuth scopes
}
Config holds OAuth configuration
type Flow ¶
type Flow struct {
// contains filtered or unexported fields
}
Flow manages an OAuth authentication flow
func (*Flow) AuthorizationURL ¶
AuthorizationURL returns the URL to open in the browser
func (*Flow) ExchangeCode ¶
ExchangeCode exchanges the authorization code for an access token
func (*Flow) WaitForCallback ¶
func (f *Flow) WaitForCallback(ctx context.Context) (*CallbackResult, error)
WaitForCallback waits for the OAuth callback and returns the authorization code
Source Files