Documentation
¶
Overview ¶
Package auth stores bot tokens out of plaintext. The OS keyring (macOS Keychain, Linux Secret Service, Windows Credential Manager) is primary; an encrypted file is the fallback for headless hosts where no keyring is available (GOAL.md §1).
Index ¶
Constants ¶
const Service = "slackctl"
Service is the keyring service name under which tokens are stored, keyed by profile.
Variables ¶
var ErrNotFound = errors.New("no token stored for this profile")
ErrNotFound is returned when no token is stored for a profile.
Functions ¶
func Key ¶
Key namespaces a keyring/file entry per profile AND kind. The bot token keeps the bare profile name so entries written by earlier versions keep working; '#' cannot appear in a profile name (config.ValidateProfileName), so the suffix can never collide with a profile.
func SetSession ¶
func SetSession(s Store, profile string, creds SessionCreds) error
SetSession stores the xoxc/xoxd pair for a profile as a single JSON secret.
Types ¶
type SessionCreds ¶
SessionCreds is a browser web-client credential pair (the scheme Slack's web client uses): the xoxc- token plus the paired xoxd- "d" cookie. Both are required — an xoxc token without its cookie is rejected by Slack. It is stored as one JSON keyring entry under the session key so the pair can never be half-written.
func GetSession ¶
func GetSession(s Store, profile string) (SessionCreds, error)
GetSession loads the stored session pair for a profile. It returns ErrNotFound when none is stored, and a descriptive error if the stored blob is corrupt.
type Store ¶
type Store interface {
Set(profile, token string) error
Get(profile string) (string, error)
Delete(profile string) error
// Backend names where the token currently lives ("keyring" or "file"), for doctor output.
Backend() string
}
Store persists and retrieves a per-profile secret token.
type TokenKind ¶
type TokenKind string
TokenKind names the Slack token kinds a workspace profile can hold. One workspace often needs more than one: the bot token (xoxb-) drives most methods, a user token (xoxp-) unlocks user-only methods (search.messages, stars.*), and an app-level token (xapp-) opens Socket Mode connections for `slackctl listen`.
const ( KindBot TokenKind = "bot" KindUser TokenKind = "user" KindApp TokenKind = "app" // KindSession is a browser-session pair (xoxc token + xoxd cookie) — the scheme // Slack's web client uses. Stored as one JSON keyring entry; acts as the user's own // identity, so it backs both bot- and user-kind commands when no OAuth token exists. KindSession TokenKind = "session" )