auth

package
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 29, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package auth provides hand-written helpers that drive multi-step OAuth flows the generated client cannot orchestrate. Currently exposes:

DeviceCodeLogin — RFC 8628 OAuth 2.0 Device Authorization Grant.

The helpers do NOT replace the generated PeaknodeClient — once a Token is obtained, callers construct a PeaknodeClient with Bearer auth via the generated SDK as usual.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrDeviceCodeExpired is returned when the device code expires before
	// the user approves it (RFC 8628 §3.5 expired_token, or local deadline).
	ErrDeviceCodeExpired = errors.New("device code expired before approval")
	// ErrDeviceCodeDenied is returned when the user (or org policy) denies
	// the request (RFC 8628 §3.5 access_denied).
	ErrDeviceCodeDenied = errors.New("device code authorization denied")
)

Typed errors for callers.

Functions

This section is empty.

Types

type DeviceCodeConfig

type DeviceCodeConfig struct {
	BaseURL     string                              // required, e.g. https://api.peaknode.ar
	ClientID    string                              // required: OAuth client ID to authenticate as
	Scopes      []string                            // space-joined for the form body
	Resource    string                              // optional RFC 8707 indicator
	OpenBrowser bool                                // when true, attempts to open the verification URI via os/exec
	OnUserCode  func(code, uri, uriComplete string) // display hook invoked once after initiate
	HTTPClient  *http.Client                        // optional override; defaults to 30s timeout
}

DeviceCodeConfig configures DeviceCodeLogin. BaseURL and ClientID are required; the remaining fields have sensible defaults.

type Token

type Token struct {
	AccessToken  string    `json:"access_token"`
	TokenType    string    `json:"token_type"`
	RefreshToken string    `json:"refresh_token"`
	ExpiresIn    int       `json:"expires_in"` // seconds until expiry from issuance
	ExpiresAt    time.Time `json:"-"`          // derived; not from wire
	Scope        string    `json:"scope"`      // space-separated granted scopes
}

Token is the successful return from DeviceCodeLogin.

func DeviceCodeLogin

func DeviceCodeLogin(ctx context.Context, cfg DeviceCodeConfig) (*Token, error)

DeviceCodeLogin executes the full RFC 8628 OAuth Device Authorization Grant. Blocks until token is issued, denied, expires, or ctx is cancelled.

Flow:

  1. POST /oauth/device_authorization → device_code, user_code, verification_uri.
  2. Invoke OnUserCode hook with the codes (display) and optionally open the verification URI in the user's browser (OpenBrowser=true).
  3. Poll POST /oauth/token at the server-supplied interval. Honor slow_down by bumping the local interval by +5s per RFC 8628 §3.5.
  4. Return a Token on success; ErrDeviceCodeExpired / ErrDeviceCodeDenied on terminal errors.

func (*Token) ScopesSlice

func (t *Token) ScopesSlice() []string

ScopesSlice returns Token.Scope split on whitespace.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL