Documentation
¶
Index ¶
- func DeleteClient(host string) error
- func DeleteTokens(host string) error
- func EmailFromJWT(raw string) string
- func EnsureAuth(ctx context.Context) error
- func LoadOAuthToken(host string) string
- func Login(ctx context.Context) error
- func Logout(ctx context.Context) error
- func LookupBackendURL(ctx context.Context, email string) (string, error)
- func SaveClient(host string, cl *StoredClient) error
- func SaveTokens(host string, tok *StoredTokens) error
- func Status(ctx context.Context, validateToken TokenValidator) error
- type ErrOAuthNotSupported
- type StoredClient
- type StoredTokens
- type TokenValidator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DeleteClient ¶ added in v0.9.2
DeleteClient removes a stored client registration for the given host.
func DeleteTokens ¶
DeleteTokens removes stored tokens for the given host.
func EmailFromJWT ¶
EmailFromJWT decodes a JWT payload (without verification) and returns the email claim, or "" if unavailable or the token is not a valid JWT.
func EnsureAuth ¶
EnsureAuth returns nil if the client has usable credentials.
func LoadOAuthToken ¶
LoadOAuthToken returns a valid, non-expired OAuth access token for host, or "". If the stored token is expired and a refresh token is available, it attempts a silent refresh and persists the new tokens before returning.
func Login ¶
Login performs the full OAuth 2.0 login flow for the configured Glean host.
Strategy (in order):
- Authorization Code + PKCE via DCR or static client
- Device Authorization Grant (RFC 8628) using the Glean-advertised client ID
- Inline API token prompt when OAuth is not available at all
func Logout ¶
Logout removes stored OAuth tokens, OAuth client registration, and any saved config/keyring credentials for the current host.
func LookupBackendURL ¶
LookupBackendURL resolves a work email to a Glean backend base URL using Glean's domain discovery API.
func SaveClient ¶
func SaveClient(host string, cl *StoredClient) error
SaveClient persists an OAuth client registration for the given host.
func SaveTokens ¶
func SaveTokens(host string, tok *StoredTokens) error
SaveTokens persists OAuth tokens for the given host.
Types ¶
type ErrOAuthNotSupported ¶ added in v0.9.1
type ErrOAuthNotSupported struct {
URL string
}
ErrOAuthNotSupported is returned when the protected resource endpoint returns 404.
func (*ErrOAuthNotSupported) Error ¶ added in v0.9.1
func (e *ErrOAuthNotSupported) Error() string
type StoredClient ¶
type StoredClient struct {
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret,omitempty"`
}
StoredClient holds a registered or configured OAuth client for a Glean host.
func LoadClient ¶
func LoadClient(host string) (*StoredClient, error)
LoadClient returns a stored client registration for the given host, or nil if none exist.
type StoredTokens ¶
type StoredTokens struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token,omitempty"`
Expiry time.Time `json:"expiry,omitempty"`
Email string `json:"email,omitempty"`
TokenType string `json:"token_type,omitempty"`
TokenEndpoint string `json:"token_endpoint,omitempty"` // used for token refresh
}
StoredTokens holds persisted OAuth tokens for a Glean host.
func LoadTokens ¶
func LoadTokens(host string) (*StoredTokens, error)
LoadTokens returns stored tokens for the given host, or nil if none exist.
func (*StoredTokens) IsExpired ¶
func (t *StoredTokens) IsExpired() bool
IsExpired returns true if the token expires within the next 60 seconds.
Source Files
Directories