oauth

package
v0.0.0-...-232ca89 Latest
Warning

This package is not in the latest version of its module.
Published: Feb 20, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package oauth provides an out-of-the-box OAuth authentication provider for proto-cli.

It supports both Device Code (interactive) and Authorization Code with PKCE (flag-based) flows, stores tokens as JSON with automatic refresh, and implements all cliauth interfaces.

provider := oauth.NewProvider(
    oauth.WithClientID("my-client-id"),
    oauth.WithEndpoints("https://auth.example.com/authorize", "https://auth.example.com/token"),
    oauth.WithDeviceAuthURL("https://auth.example.com/device/code"),
    oauth.WithScopes("openid", "profile", "email"),
)

Types

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider implements cliauth.InteractiveLoginProvider, cliauth.LogoutProvider, cliauth.StatusProvider, and cliauth.AuthDecorator using OAuth 2.0 flows.

func NewProvider

func NewProvider(opts ...ProviderOption) *Provider

NewProvider creates a Provider configured with the given options.

func (*Provider) Decorate

func (p *Provider) Decorate(ctx context.Context, store cliauth.AuthStore) (map[string]string, error)

Decorate loads the stored token, refreshes it if needed, and returns authorization metadata.

func (*Provider) Flags

func (p *Provider) Flags() []cli.Flag

Flags returns CLI flags that trigger the PKCE login flow.

func (*Provider) Login

func (p *Provider) Login(ctx context.Context, cmd *cli.Command, store cliauth.AuthStore) error

Login performs an Authorization Code with PKCE flow.
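
The client-side steps of an Authorization Code with PKCE login (RFC 7636) over a loopback redirect, as an added example using only the standard library. It is not this package's code; the function names, the port 8085 callback URL and the scope string are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// randToken returns 32 random bytes as 43 base64url chars (code_verifier and state).
func randToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: never fall back to a weaker source
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// challengeS256 derives code_challenge = BASE64URL(SHA256(code_verifier)).
func challengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// authURL builds the request opened in the browser; only the challenge leaves the process.
func authURL(endpoint, clientID, redirect, scope, state, challenge string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID}, "redirect_uri": {redirect},
		"scope": {scope}, "state": {state}, "code_challenge": {challenge}, "code_challenge_method": {"S256"}}
	return endpoint + "?" + q.Encode()
}

// codeFromCallback checks the loopback redirect's query before the code is exchanged.
func codeFromCallback(q url.Values, wantState string) (string, error) {
	if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1 {
		return "", fmt.Errorf("state mismatch: callback does not belong to this login")
	}
	if e := q.Get("error"); e != "" || q.Get("code") == "" {
		return "", fmt.Errorf("authorization failed: %q", e)
	}
	return q.Get("code"), nil
}

func main() {
	verifier, state := randToken(), randToken()
	// Constructed values: endpoint and client ID as in the overview; port 8085 is assumed.
	fmt.Println(authURL("https://auth.example.com/authorize", "my-client-id",
		"http://127.0.0.1:8085/callback", "openid profile", state, challengeS256(verifier)))
}
```

The verifier is sent only in the later token request as `code_verifier`, so an authorization code observed on the redirect cannot be redeemed without it.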

func (*Provider) LoginInteractive

func (p *Provider) LoginInteractive(ctx context.Context, _ io.Reader, out io.Writer, store cliauth.AuthStore) error

LoginInteractive performs a Device Code flow, printing verification instructions to out.

func (*Provider) Logout

func (p *Provider) Logout(ctx context.Context, store cliauth.AuthStore) error

Logout revokes the stored token (if a revocation URL is configured) and deletes it from the store.

func (*Provider) Status

func (p *Provider) Status(ctx context.Context, store cliauth.AuthStore) (string, error)

Status returns a human-readable summary of the stored authentication state.

type ProviderOption

type ProviderOption func(*Provider)

ProviderOption configures a Provider.

func WithAudience

func WithAudience(aud string) ProviderOption

WithAudience sets the audience parameter sent with authorization requests.

func WithBrowserOpen

func WithBrowserOpen(fn func(url string) error) ProviderOption

WithBrowserOpen sets the function used to open a URL in the user's browser. Useful for testing or environments without a browser.

func WithClientID

func WithClientID(id string) ProviderOption

WithClientID sets the OAuth client ID.

func WithClientSecret

func WithClientSecret(secret string) ProviderOption

WithClientSecret sets the OAuth client secret for confidential clients.

func WithDeviceAuthURL

func WithDeviceAuthURL(url string) ProviderOption

WithDeviceAuthURL sets the device authorization endpoint URL.

func WithEndpoints

func WithEndpoints(authURL, tokenURL string) ProviderOption

WithEndpoints sets the authorization and token endpoint URLs.

func WithExpiryBuffer

func WithExpiryBuffer(d time.Duration) ProviderOption

WithExpiryBuffer sets how far before token expiry a refresh should be triggered.

func WithHTTPClient

func WithHTTPClient(client *http.Client) ProviderOption

WithHTTPClient sets a custom HTTP client (useful for testing or proxies).

func WithLoginCallback

func WithLoginCallback(fn func(token *oauth2.Token)) ProviderOption

WithLoginCallback sets a function called after a successful login with the new token.

func WithLoopbackHost

func WithLoopbackHost(host string) ProviderOption

WithLoopbackHost sets the host for the PKCE loopback redirect server.

func WithRevocationURL

func WithRevocationURL(url string) ProviderOption

WithRevocationURL sets the token revocation endpoint URL (RFC 7009).

func WithScopes

func WithScopes(scopes ...string) ProviderOption

WithScopes sets the OAuth scopes to request.
