auth

package
v0.0.22 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 17, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package auth implements OAuth PKCE and device-code flows for SSO login.

Constants

This section is empty.

Variables

This section is empty.

Functions

func FormatTLSPreflightFix

func FormatTLSPreflightFix(result *TLSPreflightResult) string

FormatTLSPreflightFix returns a user-friendly message for TLS preflight failures.

func SaveKey

func SaveKey(envVar, apiKey string) error

SaveKey saves an API key to ~/.pi-go/.env.

Types

type DeviceCodeResponse

type DeviceCodeResponse struct {
	DeviceCode      string `json:"device_code"`
	UserCode        string `json:"user_code"`
	VerificationURI string `json:"verification_uri"`
	ExpiresIn       int    `json:"expires_in"`
	Interval        int    `json:"interval"`
}

DeviceCodeResponse holds the device authorization response.

func DeviceFlow

func DeviceFlow(ctx context.Context, prov Provider) (*DeviceCodeResponse, error)

DeviceFlow runs the OAuth device authorization grant (RFC 8628). Returns the device code response so the caller can display the user code, then polls for completion.

type Provider

type Provider struct {
	Name          string
	EnvVar        string
	AuthURL       string // OAuth authorization endpoint
	TokenURL      string // OAuth token endpoint
	ClientID      string // OAuth client ID (public client)
	Scopes        []string
	ExtraParams   map[string]string // additional auth URL params
	TokenToKey    func(tok *TokenResponse) string
	KeyPageURL    string // fallback manual key page
	DeviceURL     string // device authorization endpoint (optional)
	UseDeviceFlow bool   // prefer device code flow over PKCE
	TLSPreflight  bool   // run TLS preflight before OAuth (OpenAI Codex)
	CodexOAuth    bool   // use Codex OAuth callback + token-exchange semantics
}

Provider holds OAuth configuration for an LLM provider.

func FindProvider

func FindProvider(name string) (Provider, bool)

FindProvider returns a provider by name.

func Providers

func Providers() []Provider

Providers returns the list of configured OAuth providers.

type Result

type Result struct {
	Provider string
	APIKey   string
	EnvVar   string
	Err      error
}

Result is the outcome of an SSO login flow.

func PKCEFlow

func PKCEFlow(ctx context.Context, prov Provider, openBrowser func(string) error) (*Result, error)

PKCEFlow runs the OAuth PKCE authorization code flow. It starts a local HTTP server, opens the browser, and waits for the callback.

func PollDeviceToken

func PollDeviceToken(ctx context.Context, prov Provider, deviceCode string, interval int) (*Result, error)

PollDeviceToken polls for the device code token until authorized or expired.

type TLSPreflightResult

type TLSPreflightResult struct {
	OK      bool
	Kind    string // "tls-cert" or "network"
	Code    string
	Message string
}

TLSPreflightResult is the outcome of the OAuth TLS preflight check.

func RunTLSPreflight

func RunTLSPreflight(timeoutMs int) *TLSPreflightResult

RunTLSPreflight probes the OpenAI auth endpoint to detect TLS certificate issues.

type TokenResponse

type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	RefreshToken string `json:"refresh_token"`
	Scope        string `json:"scope"`
	IDToken      string `json:"id_token"`
	APIKey       string `json:"api_key"`        // some providers return key directly
	APIKeyCamel  string `json:"apiKey"`         // alternate camelCase response key
	OpenAIAPIKey string `json:"openai_api_key"` // alternate token-exchange response key
}

TokenResponse holds the OAuth token response.
