auth

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package auth stores bot tokens out of plaintext. The OS keyring (macOS Keychain, Linux Secret Service, Windows Credential Manager) is primary; an encrypted file is the fallback for headless hosts where no keyring is available (GOAL.md §1).

Index

Constants

View Source
const Service = "slackctl"

Service is the keyring service name under which tokens are stored, keyed by profile.

Variables

View Source
var ErrNotFound = errors.New("no token stored for this profile")

ErrNotFound is returned when no token is stored for a profile.

Functions

func Key

func Key(profile string, kind TokenKind) string

Key namespaces a keyring/file entry per profile AND kind. The bot token keeps the bare profile name so entries written by earlier versions keep working; '#' cannot appear in a profile name (config.ValidateProfileName), so the suffix can never collide with a profile.

func SetSession

func SetSession(s Store, profile string, creds SessionCreds) error

SetSession stores the xoxc/xoxd pair for a profile as a single JSON secret.

Types

type SessionCreds

type SessionCreds struct {
	Token  string `json:"xoxc"`
	Cookie string `json:"xoxd"`
}

SessionCreds is a browser web-client credential pair (the scheme Slack's web client uses): the xoxc- token plus the paired xoxd- "d" cookie. Both are required — an xoxc token without its cookie is rejected by Slack. It is stored as one JSON keyring entry under the session key so the pair can never be half-written.

func GetSession

func GetSession(s Store, profile string) (SessionCreds, error)

GetSession loads the stored session pair for a profile. It returns ErrNotFound when none is stored, and a descriptive error if the stored blob is corrupt.

type Store

type Store interface {
	Set(profile, token string) error
	Get(profile string) (string, error)
	Delete(profile string) error
	// Backend names where the token currently lives ("keyring" or "file"), for doctor output.
	Backend() string
}

Store persists and retrieves a per-profile secret token.

func New

func New(dir string) Store

New returns the default token store. dir is where the encrypted fallback file lives (the config dir); it is only touched if the keyring is unreachable.

type TokenKind

type TokenKind string

TokenKind names the Slack token kinds a workspace profile can hold. One workspace often needs more than one: the bot token (xoxb-) drives most methods, a user token (xoxp-) unlocks user-only methods (search.messages, stars.*), and an app-level token (xapp-) opens Socket Mode connections for `slackctl listen`.

const (
	KindBot  TokenKind = "bot"
	KindUser TokenKind = "user"
	KindApp  TokenKind = "app"
	// KindSession is a browser-session pair (xoxc token + xoxd cookie) — the scheme
	// Slack's web client uses. Stored as one JSON keyring entry; acts as the user's own
	// identity, so it backs both bot- and user-kind commands when no OAuth token exists.
	KindSession TokenKind = "session"
)

func (TokenKind) EnvVar

func (k TokenKind) EnvVar() string

EnvVar is the conventional Slack environment variable for this kind — the ecosystem's real names (SLACK_BOT_TOKEN, ...), not an invented SLACKCTL_* scheme (GOAL.md §1).

func (TokenKind) Valid

func (k TokenKind) Valid() bool

Valid reports whether k is a known kind.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL