oauth

package
v3.38.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 24, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package oauth provides OAuth 2.0 PKCE authentication flow for CLI applications

Index

Constants

View Source
const (
	DefaultHost = "buildkite.com"
)

Variables

View Source
var AllScopes = []string{

	"read_agents",
	"read_artifacts",
	"read_build_logs",
	"read_builds",
	"read_clusters",
	"read_job_env",
	"read_pipeline_templates",
	"read_pipelines",
	"read_rules",
	"write_agents",
	"write_artifacts",
	"write_build_logs",
	"write_builds",
	"write_clusters",
	"write_pipeline_templates",
	"write_pipelines",
	"write_rules",

	"read_organizations",
	"read_teams",
	"read_user",
	"write_teams",

	"read_secrets_details",
	"write_secrets",

	"read_suites",
	"read_test_plan",
	"write_suites",
	"write_test_plan",

	"delete_packages",
	"delete_registries",
	"read_packages",
	"read_registries",
	"write_packages",
	"write_registries",

	"read_portals",
	"write_portals",
}

AllScopes is the complete set of Buildkite API token scopes. When no --scopes flag is provided, the CLI requests all of these and Buildkite grants only the ones the user actually has permission for.

Reference: https://buildkite.com/docs/apis/managing-api-tokens

View Source
var DefaultClientID = "5214b230f06b48938ab5"

DefaultClientID is the OAuth client ID for the Buildkite CLI This can be overridden with ldflags

View Source
var ScopeGroups = map[string][]string{
	"read_only": {
		"read_agents",
		"read_artifacts",
		"read_build_logs",
		"read_builds",
		"read_clusters",
		"read_job_env",
		"read_organizations",
		"read_packages",
		"read_pipeline_templates",
		"read_pipelines",
		"read_portals",
		"read_registries",
		"read_rules",
		"read_secrets_details",
		"read_suites",
		"read_teams",
		"read_test_plan",
		"read_user",
	},
}

ScopeGroups defines named groups of scopes that can be used with --scopes. For example, --scopes "read_only" expands to all read_* scopes.

Functions

func ResolveScopes added in v3.33.0

func ResolveScopes(input string) string

ResolveScopes expands scope group names (e.g., "read_only") into their individual scopes. Unknown tokens are passed through as literal scopes. Multiple groups and individual scopes can be mixed:

"read_only write_builds" → "read_agents read_artifacts ... write_builds"

Types

type CallbackResult

type CallbackResult struct {
	Code  string
	State string
	Error string
}

CallbackResult holds the result from the OAuth callback

type Config

type Config struct {
	Host        string // e.g., "buildkite.com"
	ClientID    string // OAuth client ID
	OrgSlug     string // Organization slug (used for organization_uuid lookup)
	OrgUUID     string // Organization UUID
	CallbackURL string // e.g., "http://127.0.0.1:8080/callback"
	Scopes      string // Space-separated OAuth scopes
}

Config holds OAuth configuration

type Flow

type Flow struct {
	// contains filtered or unexported fields
}

Flow manages an OAuth authentication flow

func NewFlow

func NewFlow(cfg *Config) (*Flow, error)

NewFlow creates a new OAuth flow

func (*Flow) AuthorizationURL

func (f *Flow) AuthorizationURL() string

AuthorizationURL returns the URL to open in the browser

func (*Flow) Close

func (f *Flow) Close() error

Close cleans up the OAuth flow resources

func (*Flow) ExchangeCode

func (f *Flow) ExchangeCode(ctx context.Context, code string) (*TokenResponse, error)

ExchangeCode exchanges the authorization code for an access token

func (*Flow) WaitForCallback

func (f *Flow) WaitForCallback(ctx context.Context) (*CallbackResult, error)

WaitForCallback waits for the OAuth callback and returns the authorization code

type TokenResponse

type TokenResponse struct {
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
	Scope       string `json:"scope"`
	Error       string `json:"error,omitempty"`
	ErrorDesc   string `json:"error_description,omitempty"`
}

TokenResponse holds the token exchange response

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL