oauth

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 7, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Overview

Package oauth acquires, caches, and refreshes OAuth2 access tokens for clic. It is deliberately free of any clic-internal dependencies (callers map their own auth config onto oauth.Config), so it can be used from both the headless CLI and the interactive studio without import cycles.

Index

Constants

View Source 
const (
	FlowClientCredentials = "client_credentials"
	FlowAuthorizationCode = "authorization_code"
)

Grant flows clic can perform. The string values match provider.Flow* so the caller-side mapping is a direct copy.

View Source 
const DefaultRedirectURL = "http://127.0.0.1:9799/callback"

DefaultRedirectURL is the loopback redirect used for the authorization-code flow when the caller does not override it. The fixed port lets it be pre-registered with the OAuth provider.

Variables

View Source 
var ErrLoginRequired = errors.New("oauth2: interactive login required")

ErrLoginRequired is returned by Token when a valid token is not cached and the configured flow needs interactive login (authorization_code). Callers should run Login (e.g. via `clic login`) to obtain one.

Functions

func CachedToken 

func CachedToken(cfg Config) (string, bool)

CachedToken returns the cached access token if one is present and unexpired, without any network call. The studio uses it to seed auth state on launch.

func HasValidToken 

func HasValidToken(cfg Config) bool

HasValidToken reports whether a non-expired token is already cached, without fetching or refreshing. The studio uses it to show auth status at a glance.

func Login 

func Login(ctx context.Context, cfg Config, opener Opener) (string, error)

Login obtains a token interactively when needed and caches it: a direct fetch for client-credentials, or the browser-based authorization-code + PKCE flow. opener may be nil to use the default system browser.

func Logout 

func Logout(cfg Config) error

Logout removes any cached token for the given credential set.

func Token 

func Token(ctx context.Context, cfg Config) (string, error)

Token returns a valid access token without any interaction: it reuses a cached token, silently refreshes an expired one when a refresh token is present, and otherwise fetches a fresh token for the non-interactive client-credentials flow. For authorization_code with no usable cached token it returns ErrLoginRequired.

Types

type Config 

type Config struct {
	Flow         string
	ClientID     string
	ClientSecret string
	AuthURL      string // authorization endpoint (authorization_code)
	TokenURL     string
	Scopes       []string
	RedirectURL  string // loopback redirect (authorization_code); DefaultRedirectURL if empty
}

Config is everything oauth needs to obtain a token for one credential set.

type Opener 

type Opener func(url string) error

Opener launches the user's browser to the given URL. It is injectable so the authorization-code flow can be driven in tests without a real browser.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.