Documentation ¶
Overview ¶
Package lfxv2 provides client configuration for LFX v2 API services.
Token Exchange ¶
The package supports automatic OAuth2 token exchange (RFC 8693) for converting MCP access tokens into LFX API tokens. Token exchange is performed per-request using tokens stored in the request context.
Usage in MCP Tools ¶
Tools should extract the raw MCP token from the request and attach it to the context before making LFX API calls:
func handleMyTool(ctx context.Context, req *mcp.CallToolRequest, args MyToolArgs) (*mcp.CallToolResult, any, error) {
	// Extract raw MCP token from request.
	mcpToken, err := lfxv2.ExtractMCPToken(req.Extra.TokenInfo)
	if err != nil {
		return nil, nil, err
	}

	// Attach token to context for LFX API calls.
	ctx = lfxv2.WithMCPToken(ctx, mcpToken)

	// Create clients with token exchange enabled.
	clients, err := lfxv2.NewClients(ctx, lfxv2.ClientConfig{
		APIDomain:           "https://api.lfx.dev",
		TokenExchangeClient: tokenExchangeClient, // shared instance
	})
	if err != nil {
		return nil, nil, err
	}

	// Make API calls - token exchange happens automatically.
	projects, err := clients.Project.GetProjects(ctx, &projectservice.GetProjectsPayload{})
	if err != nil {
		return nil, nil, err
	}
	// ...
}
Token Caching ¶
Exchanged tokens are cached per MCP token to avoid redundant exchanges. The cache is thread-safe and automatically expires tokens with a 5-minute buffer.
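An added example, not the package's own implementation: a minimal cache with the behaviour described above, holding one entry per MCP token and treating each entry as expired 5 minutes early. The type and method names, the SHA-256 map key and the injectable clock are assumptions, and the token values are constructed.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

const expiryBuffer = 5 * time.Minute // the 5-minute buffer described above
type entry struct {
	accessToken string
	expiresAt   time.Time // real expiry minus expiryBuffer
}
// tokenCache (hypothetical) is keyed by SHA-256 of the MCP token, one entry per caller.
type tokenCache struct {
	mu      sync.Mutex
	entries map[[32]byte]entry
	now     func() time.Time // injectable clock
}

// put caches an exchanged token; tokens that live no longer than the buffer are skipped.
func (c *tokenCache) put(mcpToken, accessToken string, expiresIn int) {
	ttl := time.Duration(expiresIn)*time.Second - expiryBuffer
	if ttl <= 0 {
		return
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[sha256.Sum256([]byte(mcpToken))] = entry{accessToken, c.now().Add(ttl)}
}

// get returns the cached token, evicting it once the buffered expiry has passed.
func (c *tokenCache) get(mcpToken string) (string, bool) {
	key := sha256.Sum256([]byte(mcpToken))
	c.mu.Lock()
	defer c.mu.Unlock()
	e, ok := c.entries[key]
	if !ok || !c.now().Before(e.expiresAt) {
		delete(c.entries, key)
		return "", false
	}
	return e.accessToken, true
}

func main() {
	c := &tokenCache{entries: map[[32]byte]entry{}, now: time.Now}
	c.put("mcp-token-a", "lfx-token-a", 3600) // constructed sample values
	fmt.Println(c.get("mcp-token-a"))
}
```

A miss in `get` is the signal to perform a fresh exchange for that MCP token; a token whose `expires_in` is 300 seconds or less is exchanged on every request because it is never stored.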
Package lfxv2 provides client utilities for interacting with LFX v2 APIs, including OAuth2 token exchange.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractMCPToken ¶
ExtractMCPToken extracts the raw MCP token from auth.TokenInfo.Extra. This token can be passed to WithMCPToken for use in LFX API calls. Returns an error if the token cannot be extracted.
Types ¶
type ClientConfig ¶
type ClientConfig struct {
	// APIDomain is the LFX API base domain.
	APIDomain string

	// HTTPClient is the HTTP client to use for API calls.
	// If nil, a default client with 30s timeout will be created.
	HTTPClient *http.Client

	// TokenExchangeClient is the RFC 8693 OAuth2 token exchange client.
	// If provided, the client will automatically exchange MCP tokens (from request context)
	// for target API tokens.
	TokenExchangeClient *TokenExchangeClient
}
ClientConfig holds configuration for LFX v2 API clients.
type Clients ¶
type Clients struct {
	Project *projectservice.Client
	// contains filtered or unexported fields
}
Clients holds initialized LFX v2 API service clients.
func NewClients ¶
func NewClients(_ context.Context, cfg ClientConfig) (*Clients, error)
NewClients initializes and returns LFX v2 API service clients.
type TokenExchangeClient ¶
type TokenExchangeClient struct {
	// contains filtered or unexported fields
}
TokenExchangeClient handles OAuth2 token exchange per RFC 8693.
func NewTokenExchangeClient ¶
func NewTokenExchangeClient(cfg TokenExchangeConfig) (*TokenExchangeClient, error)
NewTokenExchangeClient creates a new RFC 8693 token exchange client.
func (*TokenExchangeClient) ExchangeToken ¶
func (c *TokenExchangeClient) ExchangeToken(ctx context.Context, subjectToken string) (*TokenExchangeResponse, error)
ExchangeToken exchanges a subject token for a new access token per RFC 8693.
type TokenExchangeConfig ¶
type TokenExchangeConfig struct {
	// TokenEndpoint is the OAuth2 token endpoint URL (e.g., "https://example.auth0.com/oauth/token").
	TokenEndpoint string

	// ClientID is the M2M client ID for token exchange.
	ClientID string

	// ClientSecret is the M2M client secret for token exchange.
	// Ignored if ClientAssertionSigningKey is provided.
	ClientSecret string

	// ClientAssertionSigningKey is the PEM-encoded RSA private key for generating client assertions.
	// If provided, this takes precedence over ClientSecret for client authentication.
	// The key is used to sign a JWT assertion per RFC 7523.
	ClientAssertionSigningKey string

	// SubjectTokenType is the token type of the incoming subject token (e.g., LFX MCP API identifier).
	SubjectTokenType string

	// Audience is the target audience for the exchanged token (e.g., LFX V2 API identifier).
	Audience string

	// HTTPClient is the HTTP client to use for token exchange.
	// If nil, a default client with 30s timeout will be created.
	HTTPClient *http.Client
}
TokenExchangeConfig holds configuration for OAuth2 token exchange (RFC 8693).
type TokenExchangeResponse ¶
type TokenExchangeResponse struct {
	AccessToken     string `json:"access_token"`
	IssuedTokenType string `json:"issued_token_type,omitempty"`
	TokenType       string `json:"token_type"`
	ExpiresIn       int    `json:"expires_in"`
	Scope           string `json:"scope,omitempty"`
	RefreshToken    string `json:"refresh_token,omitempty"`
}
TokenExchangeResponse represents the response from OAuth2 token exchange per RFC 8693.