credential

package

v1.0.5 Latest Latest Go to latest Published: Apr 7, 2026 License: MIT Imports: 2 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/larksuite/cli

Links

Documentation ¶

Index ¶

Constants
func Register(p Provider)
type Account
type BlockError
- func (e *BlockError) Error() string
type Brand
type Identity
type IdentitySupport
type Provider
- func Providers() []Provider
type Token
type TokenSpec
type TokenType

Constants ¶

View Source

const NoAppSecret = ""

NoAppSecret marks that a credential source does not provide a real app secret. Token-only sources should return this value instead of inventing placeholder text.

Variables ¶

This section is empty.

Functions ¶

func Register ¶

func Register(p Provider)

Register registers a credential Provider. Providers are consulted in registration order. Typically called from init() via blank import.

Types ¶

type Account ¶

type Account struct {
	AppID               string
	AppSecret           string   // real app secret; empty or NoAppSecret means unavailable
	Brand               Brand    // BrandLark or BrandFeishu
	DefaultAs           Identity // IdentityUser / IdentityBot / IdentityAuto; empty = not set
	ProfileName         string
	OpenID              string          // optional; if UAT is available, API result takes precedence
	SupportedIdentities IdentitySupport // zero = provider did not declare; treat as no restriction
}

Account holds resolved app credentials and configuration.

type BlockError ¶

type BlockError struct {
	Provider string
	Reason   string
}

BlockError is returned by a Provider to actively reject a request and prevent subsequent providers in the chain from being consulted.

func (*BlockError) Error ¶

func (e *BlockError) Error() string

type Brand ¶

type Brand string

Brand represents the Lark platform brand.

const (
	BrandLark   Brand = "lark"
	BrandFeishu Brand = "feishu"
)

type Identity ¶

type Identity string

Identity represents the caller identity type.

const (
	IdentityUser Identity = "user"
	IdentityBot  Identity = "bot"
	IdentityAuto Identity = "auto"
)

type IdentitySupport ¶

type IdentitySupport uint8

IdentitySupport declares which identities a credential source can provide.

const (
	SupportsUser IdentitySupport = 1 << iota
	SupportsBot
	SupportsAll = SupportsUser | SupportsBot
)

func (IdentitySupport) BotOnly ¶

func (s IdentitySupport) BotOnly() bool

BotOnly returns true if only bot identity is supported.

func (IdentitySupport) Has ¶

func (s IdentitySupport) Has(flag IdentitySupport) bool

Has reports whether s includes the given flag.

func (IdentitySupport) UserOnly ¶

func (s IdentitySupport) UserOnly() bool

UserOnly returns true if only user identity is supported.

type Provider ¶

type Provider interface {
	Name() string
	ResolveAccount(ctx context.Context) (*Account, error)
	ResolveToken(ctx context.Context, req TokenSpec) (*Token, error)
}

Provider is the unified interface for credential resolution.

Flow control uses Go's native mechanisms:

Handle: return &Account{...}, nil or return &Token{...}, nil
Skip: return nil, nil
Block: return nil, &BlockError{...}

func Providers ¶

func Providers() []Provider

Providers returns all registered providers (snapshot).

type Token ¶

type Token struct {
	Value  string
	Scopes string // space-separated; empty = skip scope pre-check
	Source string // e.g. "env:LARKSUITE_CLI_USER_ACCESS_TOKEN", "vault:addr"
}

Token holds a resolved access token and optional metadata.

type TokenSpec ¶

type TokenSpec struct {
	Type  TokenType
	AppID string
}

TokenSpec describes what token is needed.

type TokenType ¶

type TokenType string

TokenType represents the kind of access token.

const (
	TokenTypeUAT TokenType = "uat"
	TokenTypeTAT TokenType = "tat"
)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
env

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL