Documentation
¶
Index ¶
- Constants
- func BuildAuthorizeURL(serverURL, redirectURI, state, challenge string) string
- func ExchangeSetupToken(ctx context.Context, exchangeURL, setupToken string) (string, error)
- func GeneratePKCE() (verifier, challenge string, err error)
- func GenerateState() (string, error)
- func OpenBrowser(url string) error
- func SetDebug(enabled bool)
- func StartCallbackServer(ctx context.Context) (port int, resultCh <-chan CallbackResult, err error)
- type CallbackResult
- type LoginRequest
- type LoginResponse
- type TokenResponse
Constants ¶
const PlaceholderRedirectURI = "http://127.0.0.1:12345/callback"
PlaceholderRedirectURI is a fixed redirect URI used in the login flow. No real callback server is needed since the CLI calls the login API directly.
Variables ¶
This section is empty.
Functions ¶
func BuildAuthorizeURL ¶
BuildAuthorizeURL constructs the authorization URL with PKCE and state parameters.
func ExchangeSetupToken ¶ added in v0.2.0
ExchangeSetupToken exchanges a setup token (fst_...) for an API key (flk_...). The endpoint requires no authentication — the setup token itself is the credential.
func GeneratePKCE ¶
GeneratePKCE creates a code_verifier and its S256 code_challenge.
func GenerateState ¶
GenerateState creates a random state parameter for CSRF protection.
func OpenBrowser ¶
OpenBrowser opens the given URL in the default browser.
func SetDebug ¶ added in v0.2.0
func SetDebug(enabled bool)
SetDebug enables debug logging on the auth HTTP client.
func StartCallbackServer ¶
func StartCallbackServer(ctx context.Context) (port int, resultCh <-chan CallbackResult, err error)
StartCallbackServer starts a localhost HTTP server that listens for the OAuth callback. It returns the port the server is listening on and a channel that will receive the authorization code. The server shuts down after receiving the callback or when the context is cancelled.
Types ¶
type CallbackResult ¶
CallbackResult holds the code and state received from the OAuth callback.
type LoginRequest ¶
type LoginRequest struct {
Email string `json:"email"`
Password string `json:"password"`
ClientID string `json:"client_id"`
RedirectURI string `json:"redirect_uri"`
ResponseType string `json:"response_type"`
CodeChallenge string `json:"code_challenge"`
CodeChallengeMethod string `json:"code_challenge_method"`
State string `json:"state"`
}
LoginRequest is the JSON body sent to the /oauth2/login endpoint.
type LoginResponse ¶
type LoginResponse struct {
Code string `json:"code"`
RedirectURI string `json:"redirect_uri"`
State string `json:"state"`
}
LoginResponse is the JSON response from the /oauth2/login endpoint.
func Login ¶
func Login(ctx context.Context, loginURL string, req *LoginRequest) (*LoginResponse, error)
Login sends credentials to the login endpoint and returns an auth code.
type TokenResponse ¶
type TokenResponse struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"`
}
TokenResponse holds the tokens returned by the authorization server.
func ExchangeCode ¶
func ExchangeCode(ctx context.Context, tokenURL, code, verifier, redirectURI string) (*TokenResponse, error)
ExchangeCode exchanges an authorization code for tokens.
func RefreshTokens ¶
func RefreshTokens(ctx context.Context, refreshURL, refreshToken string) (*TokenResponse, error)
RefreshTokens exchanges a refresh token for a new token pair.