Documentation
¶
Index ¶
- Constants
- Variables
- func DeleteAccessToken(cfg config.Hook) (bool, error)
- func GetAuthenticatedClient(baseURL string, tokenSource *TokenSource, timeout time.Duration, ...) (*kk.SDK, kk.HTTPClient, error)
- func SaveAccessToken(cfg config.Hook, token *AccessToken) error
- func ValidateKonnectURL(rawURL string) error
- type AccessToken
- func LoadAccessToken(cfg config.Hook, refreshURL string, timeout time.Duration, ...) (*AccessToken, error)
- func PollForToken(ctx context.Context, httpClient *http.Client, url string, clientID string, ...) (*AccessToken, error)
- func RefreshAccessToken(refreshURL string, refreshToken string, timeout time.Duration, ...) (*AccessToken, error)
- type AccessTokenResponse
- type DAGError
- type DeviceCodeResponse
- type RefreshingHTTPClient
- type TokenSource
- type TokenSourceOptions
Constants ¶
View Source
const DefaultAccessTokenExpirySkew = time.Minute
Variables ¶
View Source
var ( DAGGrantType = "urn:ietf:params:oauth:grant-type:device_code" AuthorizationPendingErrorCode = "authorization_pending" )
View Source
var ErrTokenRefreshUnsupported = errors.New("token refresh is not supported")
Functions ¶
func GetAuthenticatedClient ¶
func GetAuthenticatedClient( baseURL string, tokenSource *TokenSource, timeout time.Duration, transportOptions httpclient.TransportOptions, retryConfig *httpclient.RetryConfig, logger *slog.Logger, ) (*kk.SDK, kk.HTTPClient, error)
func SaveAccessToken ¶
func SaveAccessToken(cfg config.Hook, token *AccessToken) error
func ValidateKonnectURL ¶ added in v0.10.0
ValidateKonnectURL parses rawURL and ensures it uses HTTPS and targets a trusted Kong-owned domains.
Types ¶
type AccessToken ¶
type AccessToken struct {
Token *AccessTokenResponse `json:"token"`
ReceivedAt time.Time `json:"received_at"`
}
func LoadAccessToken ¶
func LoadAccessToken( cfg config.Hook, refreshURL string, timeout time.Duration, transportOptions httpclient.TransportOptions, logger *slog.Logger, ) (*AccessToken, error)
For a given profile, load a saved token from disk in the same path as the config path. * If there is no file, return error. * If it's not expired, return it. * If it's expired, refresh it, then store it, then return it
func PollForToken ¶
func RefreshAccessToken ¶
func RefreshAccessToken( refreshURL string, refreshToken string, timeout time.Duration, transportOptions httpclient.TransportOptions, logger *slog.Logger, ) (*AccessToken, error)
func (*AccessToken) IsExpired ¶
func (t *AccessToken) IsExpired() bool
type AccessTokenResponse ¶
type DAGError ¶
type DeviceCodeResponse ¶
type DeviceCodeResponse struct {
DeviceCode string `json:"device_code"`
UserCode string `json:"user_code"`
VerificationURI string `json:"verification_uri"`
VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
ExpiresIn int `json:"expires_in"`
Interval int `json:"interval,omitempty"`
}
func RequestDeviceCode ¶
type RefreshingHTTPClient ¶ added in v0.10.0
type RefreshingHTTPClient struct {
// contains filtered or unexported fields
}
RefreshingHTTPClient retries one replayable request after a recoverable 401.
func NewRefreshingHTTPClient ¶ added in v0.10.0
func NewRefreshingHTTPClient(base kk.HTTPClient, tokenSource *TokenSource) *RefreshingHTTPClient
type TokenSource ¶ added in v0.10.0
type TokenSource struct {
// contains filtered or unexported fields
}
TokenSource provides the current Konnect bearer token for each request. It is safe for concurrent use by future parallel executor workers.
func NewTokenSource ¶ added in v0.10.0
func NewTokenSource(cfg config.Hook, opts TokenSourceOptions) *TokenSource
func (*TokenSource) Refreshable ¶ added in v0.10.0
func (s *TokenSource) Refreshable() bool
type TokenSourceOptions ¶ added in v0.10.0
type TokenSourceOptions struct {
PAT string
RefreshURL string
Timeout time.Duration
TransportOptions httpclient.TransportOptions
Logger *slog.Logger
ExpirySkew time.Duration
Refresh refreshAccessTokenFunc
}
Source Files
Click to show internal directories.
Click to hide internal directories.