externalauth

package
v2.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 14, 2026 License: AGPL-3.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsGithubDotComURL added in v2.14.0

func IsGithubDotComURL(str string) bool

IsGithubDotComURL returns true if the given URL is a github.com URL.

func IsInvalidTokenError added in v2.13.0

// IsInvalidTokenError presumably reports whether err is (or wraps) an
// InvalidTokenError — confirm against the implementation, which is not
// shown here. Callers can use it to tell "the stored credentials were
// rejected" apart from transient failures.
func IsInvalidTokenError(err error) bool

Types

type AppInstallation

// AppInstallation describes one installation of a provider app.
// NOTE(review): presumably a GitHub App installation (compare
// Config.AppInstallURL) — confirm.
type AppInstallation struct {
	// ID identifies the installation (presumably the provider-assigned ID — confirm).
	ID int
	// Login is the username of the installation.
	Login string
	// URL is a link to configure the app install.
	URL string
}

type Config

type Config struct {
	// Embedded OAuth2 config; its methods are promoted onto Config.
	promoauth.InstrumentedOAuth2Config
	// ID is a unique identifier for the authenticator.
	ID string
	// Type is the type of provider.
	Type string

	// ClientID and ClientSecret are presumably the OAuth2 client
	// credentials registered with the provider — confirm.
	// ClientSecret is a credential: keep Config values out of logs,
	// error messages and serialized output.
	ClientID     string
	ClientSecret string
	// DeviceAuth is set if the provider uses the device flow.
	DeviceAuth *DeviceAuth
	// DisplayName is the name of the provider to display to the user.
	DisplayName string
	// DisplayIcon is the path to an image that will be displayed to the user.
	DisplayIcon string

	// ExtraTokenKeys is a list of extra properties to
	// store in the database returned from the token endpoint.
	//
	// e.g. Slack returns `authed_user` in the token which is
	// a payload that contains information about the authenticated
	// user.
	//
	// The selected values are persisted, so list only the keys that
	// are actually needed.
	ExtraTokenKeys []string

	// NoRefresh stops Coder from using the refresh token
	// to renew the access token.
	//
	// Some organizations have security policies that require
	// re-authentication for every token.
	NoRefresh bool
	// ValidateURL ensures an access token is valid before
	// returning it to the user. If omitted, tokens will
	// not be validated before being returned; a token the
	// provider has already revoked or expired may then still
	// be handed out and only fail when it is used.
	ValidateURL string

	// RevokeURL and RevokeTimeout presumably configure token
	// revocation (see RevokeToken): the provider endpoint to call and
	// the time limit for that call — confirm.
	// NOTE(review): what happens when RevokeURL is empty is not
	// visible here.
	RevokeURL     string
	RevokeTimeout time.Duration

	// Regex is a Regexp matched against URLs for
	// a Git clone. e.g. "Username for 'https://github.com':"
	// The regex would be `github\.com`.
	//
	// NOTE(review): presumably a match decides that this provider's
	// token is offered for the clone URL — confirm. If so, keep the
	// pattern narrow (escape dots, anchor the host), because an
	// unanchored pattern also matches longer hostnames that merely
	// contain it.
	Regex *regexp.Regexp
	// APIBaseURL is the base URL for provider REST API calls
	// (e.g., "https://api.github.com" for GitHub). Derived from
	// defaults when not explicitly configured.
	APIBaseURL string
	// AppInstallURL is for GitHub Apps (and hopefully others eventually)
	// to provide a link to install the app. There's installation
	// of the application, and user authentication. It's possible
	// for the user to authenticate but the application to not.
	AppInstallURL string
	// AppInstallationsURL is an API endpoint that returns a list of
	// installations for the user. This is used for GitHub Apps.
	AppInstallationsURL string
	// Deprecated: Injected MCP in AI Bridge is deprecated and will be removed in a future release.
	//
	// MCPURL is the endpoint that clients must use to communicate with the associated
	// MCP server.
	MCPURL string
	// Deprecated: Injected MCP in AI Bridge is deprecated and will be removed in a future release.
	//
	// MCPToolAllowRegex is a [regexp.Regexp] to match tools which are explicitly allowed to be
	// injected into Coder AI Bridge upstream requests.
	// In the case of conflicts, [MCPToolDenyRegex] overrides items evaluated by this list.
	// This field can be nil if unspecified in the config.
	// NOTE(review): whether a nil allow pattern means "allow every tool" or
	// "allow none" is not stated here — confirm before relying on it as a restriction.
	MCPToolAllowRegex *regexp.Regexp
	// Deprecated: Injected MCP in AI Bridge is deprecated and will be removed in a future release.
	//
	// MCPToolDenyRegex is a [regexp.Regexp] to match tools which are explicitly NOT allowed to be
	// injected into Coder AI Bridge upstream requests.
	// In the case of conflicts, items evaluated by this list override [MCPToolAllowRegex].
	// This field can be nil if unspecified in the config.
	MCPToolDenyRegex              *regexp.Regexp
	CodeChallengeMethodsSupported []promoauth.Oauth2PKCEChallengeMethod // PKCE challenge methods; presumably those the provider supports — TODO confirm
}

Config is used for authentication for Git operations.

func ConvertConfig

func ConvertConfig(instrument *promoauth.Factory, entries []codersdk.ExternalAuthConfig, accessURL *url.URL) ([]*Config, error)

ConvertConfig converts SDK configuration entries into the parsed provider type that coderd can consume directly.

func (*Config) AppInstallations

func (c *Config) AppInstallations(ctx context.Context, token string) ([]codersdk.ExternalAuthAppInstallation, bool, error)

AppInstallations returns a list of app installations for the given token. If the provider does not support app installations, it returns nil.

func (*Config) GenerateTokenExtra added in v2.3.0

func (c *Config) GenerateTokenExtra(token *oauth2.Token) (pqtype.NullRawMessage, error)

GenerateTokenExtra generates the extra token data to store in the database.

func (*Config) Git added in v2.32.0

func (c *Config) Git(client *http.Client) gitprovider.Provider

Git returns a Provider for this config if the provider type is a supported git hosting provider. Returns nil for non-git providers (e.g. Slack, JFrog).

func (*Config) RefreshToken

func (c *Config) RefreshToken(ctx context.Context, db database.Store, externalAuthLink database.ExternalAuthLink) (database.ExternalAuthLink, error)

RefreshToken automatically refreshes the token if expired and permitted.

func (*Config) RevokeToken added in v2.27.0

// RevokeToken presumably asks the provider to revoke the token stored in
// link — confirm against the implementation, which is not shown here.
// NOTE(review): the meaning of the bool result is undocumented; presumably
// it reports whether the provider confirmed the revocation. Verify this
// before treating a (false, nil) result as a successful revocation.
func (c *Config) RevokeToken(ctx context.Context, link database.ExternalAuthLink) (bool, error)

func (*Config) TokenRevocationRequest added in v2.27.0

// TokenRevocationRequest presumably builds the HTTP request that revokes
// the token stored in link, choosing between the GitHub-specific and
// RFC 7009 forms (see TokenRevocationRequestGitHub and
// TokenRevocationRequestRFC7009) — confirm.
// A revocation request has to identify the token being revoked, so the
// returned request should not be logged or dumped verbatim.
func (c *Config) TokenRevocationRequest(ctx context.Context, link database.ExternalAuthLink) (*http.Request, error)

func (*Config) TokenRevocationRequestGitHub added in v2.27.0

// TokenRevocationRequestGitHub presumably builds the revocation request in
// the form GitHub's API expects rather than the RFC 7009 form — confirm
// against the implementation, which is not shown here.
func (c *Config) TokenRevocationRequestGitHub(ctx context.Context, link database.ExternalAuthLink) (*http.Request, error)

func (*Config) TokenRevocationRequestRFC7009 added in v2.27.0

// TokenRevocationRequestRFC7009 presumably builds a revocation request that
// follows RFC 7009 (OAuth 2.0 Token Revocation) — confirm against the
// implementation, which is not shown here.
func (c *Config) TokenRevocationRequestRFC7009(ctx context.Context, link database.ExternalAuthLink) (*http.Request, error)

func (*Config) TokenRevocationResponseOk added in v2.27.0

// TokenRevocationResponseOk presumably reports whether res indicates that
// the provider accepted the revocation — confirm.
// NOTE(review): which status codes count as success is not visible here.
func (c *Config) TokenRevocationResponseOk(res *http.Response) bool

func (*Config) ValidateToken

func (c *Config) ValidateToken(ctx context.Context, link *oauth2.Token) (bool, *codersdk.ExternalAuthUser, error)

ValidateToken checks that the provided Git token is valid. The user is optionally returned if the provider supports it.

type DeviceAuth

// DeviceAuth holds the settings for the OAuth2 device authorization flow
// (RFC 8628), which AuthorizeDevice begins and ExchangeDeviceCode uses to
// exchange a device code for an access token.
type DeviceAuth struct {
	// Config is provided for the http client method.
	Config   promoauth.InstrumentedOAuth2Config
	ClientID string   // presumably the OAuth2 client ID sent to the provider — confirm
	TokenURL string   // presumably the token endpoint used by ExchangeDeviceCode — confirm
	Scopes   []string // presumably the scopes requested for the device grant — confirm
	CodeURL  string   // presumably the device authorization endpoint used by AuthorizeDevice — confirm
}

func (*DeviceAuth) AuthorizeDevice

func (c *DeviceAuth) AuthorizeDevice(ctx context.Context) (*codersdk.ExternalAuthDevice, error)

AuthorizeDevice begins the device authorization flow. See: https://tools.ietf.org/html/rfc8628#section-3.1

func (*DeviceAuth) ExchangeDeviceCode

func (c *DeviceAuth) ExchangeDeviceCode(ctx context.Context, deviceCode string) (*oauth2.Token, error)

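ExchangeDeviceCode exchanges a device code for an access token. Note that the signature above returns only (*oauth2.Token, error): the statement that a returned boolean indicates whether the device code is still pending and the caller should try again does not match it, so a still-pending authorization is presumably reported through the error value.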

type ExchangeDeviceCodeResponse

// ExchangeDeviceCodeResponse is the JSON shape of a device-code exchange
// reply; the struct tags map each field to its snake_case JSON key.
// NOTE(review): presumably decoded from the provider's token endpoint
// response, with ExpiresIn a lifetime in seconds — confirm.
//
// AccessToken and RefreshToken are bearer credentials, so values of this
// type should not be logged or dumped.
type ExchangeDeviceCodeResponse struct {
	AccessToken      string `json:"access_token"`
	RefreshToken     string `json:"refresh_token"`
	ExpiresIn        int    `json:"expires_in"`
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}

type InvalidTokenError added in v2.13.0

type InvalidTokenError string

InvalidTokenError is a case where the "RefreshToken" failed to complete as a result of invalid credentials. Error contains the reason of the failure.

func (InvalidTokenError) Error added in v2.13.0

// Error implements the error interface. Per the type's documentation it
// contains the reason the refresh failed; presumably that is the string
// value of e itself — confirm.
func (e InvalidTokenError) Error() string

Directories

Path Synopsis
