tokenstore

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 28, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package tokenstore is the persistence interface for tokens, plus the Keyring reference implementation.

Profile is whatever string the caller wants to key by — typically a base URL, a kubectl-style context name, or a principal handle.

Index

Constants

This section is empty.

Variables

View Source 
var ErrMalformed = errors.New("malformed token entry")

ErrMalformed is returned (wrapped) when a stored entry exists but can't be decoded into a TokenSet. Used by callers that want to treat a malformed entry as a legacy/upgrade path (e.g. pre-shim bare-string entries from older binaries) without confusing it with transport errors from the underlying keyring.

View Source 
var ErrNotFound = errors.New("token not found")

ErrNotFound is returned when a profile has no stored tokens. Callers distinguish "not logged in" from genuine errors with errors.Is.

Functions

This section is empty.

Types

type Keyring 

type Keyring struct {
	Service string
}

Keyring is a Store backed by the OS keyring.

Each profile gets one entry under the configured Service name. The entry holds a JSON-encoded TokenSet so refresh tokens, expiry, and scope round-trip alongside the access token.

func NewKeyring 

func NewKeyring(service string) *Keyring

NewKeyring returns a Keyring with the given service name. The service name namespaces entries in the OS keyring; pick something unique per CLI binary so two CLIs don't collide.

func (*Keyring) DeleteTokens 

func (k *Keyring) DeleteTokens(profile string) error

DeleteTokens removes the TokenSet for profile. A missing entry is a no-op.

func (*Keyring) LoadTokens 

func (k *Keyring) LoadTokens(profile string) (tokens.TokenSet, error)

LoadTokens returns the TokenSet stored for profile. Returns ErrNotFound when the profile has nothing stored.

func (*Keyring) SaveTokens 

func (k *Keyring) SaveTokens(profile string, t tokens.TokenSet) error

SaveTokens marshals t to JSON and stores it under profile in the OS keyring. Empty access tokens are rejected.

type Store 

type Store interface {
	SaveTokens(profile string, t tokens.TokenSet) error
	LoadTokens(profile string) (tokens.TokenSet, error)
	DeleteTokens(profile string) error
}

Store persists token bundles keyed by an opaque profile string.

Implementations must:

  • Return ErrNotFound (not a zero value, no error) when LoadTokens is called for an unknown profile.
  • Treat DeleteTokens of a missing profile as a no-op.
  • Not write empty access tokens; SaveTokens should reject them.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.