auth

package
v0.0.0-...-f32819c
Warning

This package is not in the latest version of its module.

Published: Jan 5, 2026 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var ErrKeyNotFound = errors.New("encryption key not found in keyring")

ErrKeyNotFound is returned when the encryption key is not found in the keyring.

Functions

func DeleteSessionState

func DeleteSessionState(sessionID string) error

DeleteSessionState removes the current session state (i.e., signs out the user).

func LoginWithBrowser

func LoginWithBrowser(ctx context.Context, authProvider *AuthProviderConfig) error

func MachineLogin

func MachineLogin(authProvider *AuthProviderConfig, clientID, clientSecret string) error

func RevokeAndDeleteSession

func RevokeAndDeleteSession(authProvider *AuthProviderConfig, sessionID string) error

RevokeAndDeleteSession revokes tokens server-side and removes local session state. Server-side revocation is best-effort; local deletion always proceeds.

func RevokeRefreshToken

func RevokeRefreshToken(authProvider *AuthProviderConfig, refreshToken string)

RevokeRefreshToken revokes a refresh token at the authorization server per RFC 7009. This is best-effort: errors are logged at Warn level but not returned, since local cleanup should proceed regardless of server-side revocation success.
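The best-effort flow described for RevokeRefreshToken and RevokeAndDeleteSession, as an added sketch that is not the package's own code. The `doer` type, the function names, the `client_id` form field and the sample endpoint are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"strings"
)

// doer is satisfied by http.Client.Do; injecting it keeps the flow testable offline.
type doer func(*http.Request) (*http.Response, error)

// revoke posts an RFC 7009 revocation request; client_id in the body is an assumption (public client).
func revoke(do doer, endpoint, clientID, refreshToken string) error {
	form := url.Values{
		"token":           {refreshToken},
		"token_type_hint": {"refresh_token"},
		"client_id":       {clientID},
	}
	req, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	// RFC 7009 answers 200 even for an unknown token; anything else is a failure.
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("revocation endpoint returned %d", resp.StatusCode)
	}
	return nil
}

// revokeAndDelete treats revocation as best-effort and always deletes local state.
func revokeAndDelete(do doer, endpoint, clientID, refreshToken string, deleteLocal func() error) error {
	if err := revoke(do, endpoint, clientID, refreshToken); err != nil {
		log.Printf("WARN: server-side revocation failed, token may stay valid: %v", err)
	}
	return deleteLocal()
}

func main() {
	offline := func(*http.Request) (*http.Response, error) { return nil, errors.New("offline") }
	fmt.Println(revokeAndDelete(offline, "https://auth.example.invalid/oauth2/revoke", "cli", "rt", func() error { return nil })) // constructed values
}
```

The warning never includes the token value, and a failed revocation means the refresh token may remain usable at the server until it expires.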

func SaveSessionState

func SaveSessionState(sessionID string, userType UserType, tokenSet *TokenSet) error

SaveSessionState saves the current session state (with GCM-encrypted tokenSet).

Types

type AuthProviderConfig

type AuthProviderConfig struct {
	Name             string `yaml:"name"`             // Name of the provider (used as sessionID as well).
	ClientID         string `yaml:"clientId"`         // OAuth2 client ID.
	AuthEndpoint     string `yaml:"authEndpoint"`     // Eg, "https://auth.metaplay.dev/oauth2/auth".
	TokenEndpoint    string `yaml:"tokenEndpoint"`    // Eg, "https://auth.metaplay.dev/oauth2/token".
	RevokeEndpoint   string `yaml:"revokeEndpoint"`   // Eg, "https://auth.metaplay.dev/oauth2/revoke".
	UserInfoEndpoint string `yaml:"userInfoEndpoint"` // Eg, "https://portal.metaplay.dev/api/external/userinfo"
	Scopes           string `yaml:"scopes"`           // Eg, "openid profile email offline_access"
	Audience         string `yaml:"audience"`         // Eg, "managed-gameservers"
}

OAuth2 client configuration.

func NewMetaplayAuthProvider

func NewMetaplayAuthProvider() *AuthProviderConfig

Create a default AuthProvider that uses Metaplay Auth.

func (*AuthProviderConfig) GetSessionID

func (provider *AuthProviderConfig) GetSessionID() string

type PersistedConfig

type PersistedConfig struct {
	Sessions map[string]PersistedSessionState `json:"sessions"` // Persisted sessions, use sessionID as key.
}

Represents the config.json persisted on disk.

type PersistedSessionState

type PersistedSessionState struct {
	UserType       UserType `json:"userType"`              // Type of the user (human or machine)
	TokenSetLegacy string   `json:"tokenSet,omitempty"`    // Legacy CFB-encrypted tokenSet (deprecated)
	TokenSetGCM    string   `json:"tokenSetGcm,omitempty"` // GCM-encrypted tokenSet
}

Persisted session state (with encrypted tokenSet).

type SessionState

type SessionState struct {
	UserType UserType  // Type of user in portal.
	TokenSet *TokenSet // TokenSet for the user.
}

In-memory session state.

func LoadSessionState

func LoadSessionState(sessionID string) (*SessionState, error)

LoadSessionState loads a session state and decrypts the tokenSet. Returns nil if there is no existing session. If a legacy CFB-encrypted session is found, it is automatically migrated to GCM. On Linux, sessions encrypted with the fallback key are re-encrypted with the keyring-based key if a keyring becomes available.
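The legacy-to-GCM migration described above, as an added sketch that is not the package's own code. The blob layouts, the `persisted` type, the function name and the JSON sanity check are assumptions; the keyring and fallback-key handling is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

type persisted struct{ TokenSetLegacy, TokenSetGCM string } // token fields of PersistedSessionState

// Assumed layouts: GCM = base64(nonce||ciphertext||tag), legacy = base64(iv||ciphertext).
func loadAndMigrate(key []byte, p *persisted) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES blocks are always 16 bytes
	n := gcm.NonceSize()
	if p.TokenSetGCM != "" {
		raw, err := base64.StdEncoding.DecodeString(p.TokenSetGCM)
		if err != nil || len(raw) < n {
			return nil, errors.New("malformed GCM blob")
		}
		return gcm.Open(nil, raw[:n], raw[n:], nil) // tag check rejects tampering
	}
	if p.TokenSetLegacy == "" {
		return nil, nil // no existing session
	}
	raw, err := base64.StdEncoding.DecodeString(p.TokenSetLegacy)
	if err != nil || len(raw) < aes.BlockSize {
		return nil, errors.New("malformed legacy blob")
	}
	plain := make([]byte, len(raw)-aes.BlockSize)
	cipher.NewCFBDecrypter(block, raw[:aes.BlockSize]).XORKeyStream(plain, raw[aes.BlockSize:])
	if !json.Valid(plain) { // CFB is unauthenticated: never reseal garbage
		return nil, errors.New("legacy blob did not decrypt to JSON")
	}
	nonce := make([]byte, n)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	p.TokenSetGCM, p.TokenSetLegacy = base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, plain, nil)), ""
	return plain, nil
}

func main() { fmt.Println(loadAndMigrate(make([]byte, 32), &persisted{})) } // no session: [] <nil>
```

A modified GCM blob fails at `Open`, whereas a modified CFB blob decrypts without error, which is why the legacy path validates the plaintext before resealing it.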

type TokenSet

type TokenSet struct {
	IDToken      string `json:"id_token"`
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	TokenType    string `json:"token_type,omitempty"`
	Scope        string `json:"scope,omitempty"`
}

TokenSet holds the tokens issued by Metaplay Auth. Obtain one through an OAuth2 code exchange with auth.metaplay.dev.

func LoadAndRefreshTokenSet

func LoadAndRefreshTokenSet(authProvider *AuthProviderConfig) (*TokenSet, error)

LoadAndRefreshTokenSet loads the current token set. If the user is not logged in, it returns empty tokens. If the user is logged in and the tokens have expired, it refreshes them; if the refresh fails, it returns an error.

TODO: Forget the tokens if the refresh fails (due to keys already used).

type UserInfoResponse

type UserInfoResponse struct {
	Subject    string   `json:"sub"` // Same as account.provideAccountId (not portal userID)
	Email      string   `json:"email"`
	Picture    string   `json:"picture"`
	GivenName  string   `json:"given_name"`
	FamilyName string   `json:"family_name"`
	Name       string   `json:"name"`
	Roles      []string `json:"https://schemas.metaplay.io/roles"`
}


func FetchUserInfo

func FetchUserInfo(authProvider *AuthProviderConfig, tokenSet *TokenSet) (*UserInfoResponse, error)

type UserType

type UserType string

Type of user in portal (human or machine).

const (
	UserTypeHuman   UserType = "human"
	UserTypeMachine UserType = "machine"
)
