Documentation
¶
Overview ¶
Package auth provides hand-written helpers that drive multi-step OAuth flows the generated client cannot orchestrate. Currently exposes:
DeviceCodeLogin — RFC 8628 OAuth 2.0 Device Authorization Grant.
The helpers do NOT replace the generated PeaknodeClient — once a Token is obtained, callers construct a PeaknodeClient with Bearer auth via the generated SDK as usual.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrDeviceCodeExpired is returned when the device code expires before // the user approves it (RFC 8628 §3.5 expired_token, or local deadline). ErrDeviceCodeExpired = errors.New("device code expired before approval") // ErrDeviceCodeDenied is returned when the user (or org policy) denies // the request (RFC 8628 §3.5 access_denied). ErrDeviceCodeDenied = errors.New("device code authorization denied") )
Typed errors for callers.
Functions ¶
This section is empty.
Types ¶
type DeviceCodeConfig ¶
type DeviceCodeConfig struct {
BaseURL string // required, e.g. https://api.peaknode.ar
ClientID string // required: OAuth client ID to authenticate as
Scopes []string // space-joined for the form body
Resource string // optional RFC 8707 indicator
OpenBrowser bool // when true, attempts to open the verification URI via os/exec
OnUserCode func(code, uri, uriComplete string) // display hook invoked once after initiate
HTTPClient *http.Client // optional override; defaults to 30s timeout
}
DeviceCodeConfig configures DeviceCodeLogin. BaseURL and ClientID are required; the remaining fields have sensible defaults.
type Token ¶
type Token struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
RefreshToken string `json:"refresh_token"`
ExpiresIn int `json:"expires_in"` // seconds until expiry from issuance
ExpiresAt time.Time `json:"-"` // derived; not from wire
Scope string `json:"scope"` // space-separated granted scopes
}
Token is the successful return from DeviceCodeLogin.
func DeviceCodeLogin ¶
func DeviceCodeLogin(ctx context.Context, cfg DeviceCodeConfig) (*Token, error)
DeviceCodeLogin executes the full RFC 8628 OAuth Device Authorization Grant. Blocks until token is issued, denied, expires, or ctx is cancelled.
Flow:
- POST /oauth/device_authorization → device_code, user_code, verification_uri.
- Invoke OnUserCode hook with the codes (display) and optionally open the verification URI in the user's browser (OpenBrowser=true).
- Poll POST /oauth/token at the server-supplied interval. Honor slow_down by bumping the local interval by +5s per RFC 8628 §3.5.
- Return a Token on success; ErrDeviceCodeExpired / ErrDeviceCodeDenied on terminal errors.
func (*Token) ScopesSlice ¶
ScopesSlice returns Token.Scope split on whitespace.