oidc

package v0.0.11
Published: Jan 19, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

const (
	// DefaultPort is the default port for the callback server
	DefaultPort = 5747
	// DefaultCallbackPath is the default path for the OIDC callback
	DefaultCallbackPath = "/auth/sstart"
	// DefaultTimeout is the default timeout for the authentication flow
	DefaultTimeout = 5 * time.Minute
)
const (
	// TokenFileName is the name of the file where tokens are stored (fallback)
	TokenFileName = "tokens.json"
	// ConfigDirName is the name of the directory where sstart stores its configuration
	ConfigDirName = "sstart"
	// KeyringService is the service name used for keyring storage
	KeyringService = "sstart"
	// KeyringUser is the user/account name used for keyring storage
	KeyringUser = "sso-tokens"
)
const SSOSecretEnvVar = "SSTART_SSO_SECRET"

SSOSecretEnvVar is the environment variable name for the OIDC client secret

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthResult

type AuthResult struct {
	Tokens   *Tokens
	UserInfo *UserInfo
}

AuthResult holds the result of a successful authentication

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client represents an OIDC client for SSO authentication

func NewClient

func NewClient(cfg *config.OIDCConfig) (*Client, error)

NewClient creates a new OIDC client from the provided configuration

func (*Client) ClearTokens

func (c *Client) ClearTokens() error

ClearTokens removes the stored tokens from both keyring and file

func (*Client) GetAccessToken

func (c *Client) GetAccessToken(ctx context.Context) (string, error)

GetAccessToken returns the current access token, refreshing if needed

func (*Client) GetStorageBackend

func (c *Client) GetStorageBackend() StorageBackend

GetStorageBackend returns the current storage backend being used

func (*Client) GetTokenPath

func (c *Client) GetTokenPath() string

GetTokenPath returns the current token storage path (file storage)

func (*Client) GetTokens

func (c *Client) GetTokens() (*Tokens, error)

GetTokens loads and returns the stored tokens

func (*Client) HasClientCredentials

func (c *Client) HasClientCredentials() bool

HasClientCredentials returns true if the client has both a client ID and a client secret configured. This indicates the client can use the client credentials flow for non-interactive authentication

func (*Client) IsAuthenticated

func (c *Client) IsAuthenticated() bool

IsAuthenticated checks if valid tokens exist

func (*Client) LoadTokens

func (c *Client) LoadTokens() (*Tokens, error)

LoadTokens loads the tokens, trying keyring first then falling back to file

func (*Client) Login

func (c *Client) Login(ctx context.Context) (*AuthResult, error)

Login initiates the OIDC login flow. It starts a local HTTP server to handle the callback, opens the browser for authentication, and returns the tokens upon successful authentication

func (*Client) LoginWithClientCredentials

func (c *Client) LoginWithClientCredentials(ctx context.Context) (*AuthResult, error)

LoginWithClientCredentials performs the OAuth2 client credentials flow. This is used for non-interactive (machine-to-machine) authentication

func (*Client) RefreshTokens

func (c *Client) RefreshTokens(ctx context.Context) (*Tokens, error)

RefreshTokens refreshes the access token using the refresh token

func (*Client) SaveTokens

func (c *Client) SaveTokens(tokens *Tokens) error

SaveTokens saves the tokens, trying keyring first then falling back to file

func (*Client) SetTokenPath

func (c *Client) SetTokenPath(path string)

SetTokenPath sets a custom path for storing tokens (file storage)

func (*Client) TokensExist

func (c *Client) TokensExist() bool

TokensExist checks if tokens exist in either keyring or file

type StorageBackend

type StorageBackend string

StorageBackend represents the type of storage being used

const (
	// StorageBackendKeyring indicates tokens are stored in the system keyring
	StorageBackendKeyring StorageBackend = "keyring"
	// StorageBackendFile indicates tokens are stored in a file
	StorageBackendFile StorageBackend = "file"
)

type Tokens

type Tokens struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	IDToken      string    `json:"id_token,omitempty"`
	TokenType    string    `json:"token_type,omitempty"`
	Expiry       time.Time `json:"expiry,omitempty"`
}

Tokens represents the OIDC tokens received after authentication
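The doc comments above say GetAccessToken refreshes "if needed" and that SaveTokens/LoadTokens fall back from the keyring to a plain file, but the page does not show what either check looks like. The following is an added, stand-alone illustration written for this page, not code from the sstart package: it reuses the Tokens field layout and JSON tags shown above, adds a NeedsRefresh check that treats a token as stale once it is within a caller-supplied skew of its Expiry (so a request is not sent with a token the provider is about to reject), and implements a file fallback that writes with 0600 permissions via a temp-file rename and refuses to load a token file that is group- or world-readable. The skew parameter, the permission policy, the function names and the sample token values are all assumptions of this example; the real package may behave differently.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// Tokens mirrors the field layout and JSON tags of the page's Tokens type.
// This file is an added illustration, not the sstart package's own code.
type Tokens struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	IDToken      string    `json:"id_token,omitempty"`
	TokenType    string    `json:"token_type,omitempty"`
	Expiry       time.Time `json:"expiry,omitempty"`
}

// NeedsRefresh reports whether the access token is missing, already expired,
// or will expire within skew of now. A zero Expiry is treated as "unknown,
// refresh" rather than "never expires". (Assumed policy for this example.)
func (t *Tokens) NeedsRefresh(now time.Time, skew time.Duration) bool {
	if t == nil || t.AccessToken == "" || t.Expiry.IsZero() {
		return true
	}
	return !now.Add(skew).Before(t.Expiry)
}

// SaveTokenFile is a file-storage fallback: the directory is created 0700 and
// the file written 0600 so other local users cannot read the bearer tokens.
// The data is written to a temp file and renamed so a crash never leaves a
// half-written file behind.
func SaveTokenFile(path string, t *Tokens) error {
	data, err := json.MarshalIndent(t, "", "  ")
	if err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Dir(path), 0o700); err != nil {
		return err
	}
	tmp := path + ".tmp"
	if err := os.WriteFile(tmp, data, 0o600); err != nil {
		return err
	}
	return os.Rename(tmp, path)
}

// LoadTokenFile reads the fallback file and refuses it when its mode allows
// group or world access, since a loosened mode means the tokens may already
// have been exposed to other local accounts.
func LoadTokenFile(path string) (*Tokens, error) {
	info, err := os.Stat(path)
	if err != nil {
		return nil, err
	}
	if info.Mode().Perm()&0o077 != 0 {
		return nil, fmt.Errorf("refusing %s: mode %o is too permissive", path, info.Mode().Perm())
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	var t Tokens
	if err := json.Unmarshal(data, &t); err != nil {
		return nil, err
	}
	if t.AccessToken == "" {
		return nil, errors.New("token file has no access_token")
	}
	return &t, nil
}

func main() {
	dir, err := os.MkdirTemp("", "sstart-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	// Same file name as the page's TokenFileName constant.
	path := filepath.Join(dir, "tokens.json")
	// Constructed sample token; the values are placeholders, not real credentials.
	t := &Tokens{
		AccessToken:  "example-access-token",
		RefreshToken: "example-refresh-token",
		TokenType:    "Bearer",
		Expiry:       time.Now().Add(2 * time.Minute),
	}
	if err := SaveTokenFile(path, t); err != nil {
		panic(err)
	}
	loaded, err := LoadTokenFile(path)
	if err != nil {
		panic(err)
	}
	fmt.Println("needs refresh with 30s skew:", loaded.NeedsRefresh(time.Now(), 30*time.Second))
	fmt.Println("needs refresh with 5m skew: ", loaded.NeedsRefresh(time.Now(), 5*time.Minute))
}
```

The permission check is the part worth keeping in mind when the keyring is unavailable and the package falls back to StorageBackendFile: a token file readable by other local users is equivalent to handing them the session, so the loader treats a loosened mode as a reason to stop rather than something to silently repair. The mode test is POSIX-specific; on Windows a different ACL check would be needed.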

type UserInfo

type UserInfo struct {
	Subject           string `json:"sub"`
	Name              string `json:"name,omitempty"`
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
	Email             string `json:"email,omitempty"`
	EmailVerified     bool   `json:"email_verified,omitempty"`
}

UserInfo represents the user information from the OIDC provider
