auth

package

v0.10.1 Latest Latest Go to latest Published: Oct 27, 2025 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/onkernel/cli

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func DeleteTokens() error
func GetAuthenticatedClient(opts ...option.RequestOption) (*kernel.Client, error)
func SaveTokens(tokens *TokenStorage) error
type AuthResult
type OAuthConfig
- func NewOAuthConfig() (*OAuthConfig, error)
- func (oc *OAuthConfig) StartOAuthFlow(ctx context.Context) (*TokenStorage, error)
type TokenResponse
type TokenStorage
- func LoadTokens() (*TokenStorage, error)
- func RefreshTokens(ctx context.Context, tokens *TokenStorage) (*TokenStorage, error)
- func (t *TokenStorage) IsExpired() bool

Constants ¶

View Source

const (
	// MCP Server OAuth endpoints (which proxy to Clerk)
	AuthURL  = "https://auth.onkernel.com/authorize"
	TokenURL = "https://auth.onkernel.com/token"

	// OAuth client configuration
	ClientID    = "hmFrJn9hKDV2N02M" // Prod Kernel CLI OAuth Client ID
	RedirectURI = "http://localhost"

	// OAuth scopes - openid for the MCP server flow
	DefaultScope = "openid email"
)

View Source

const (
	KeyringService = "kernel-cli"
	KeyringUser    = "oauth-tokens"
)

Variables ¶

This section is empty.

Functions ¶

func DeleteTokens ¶

func DeleteTokens() error

DeleteTokens removes stored authentication tokens

func GetAuthenticatedClient ¶

func GetAuthenticatedClient(opts ...option.RequestOption) (*kernel.Client, error)

GetAuthenticatedClient returns a Kernel client with appropriate authentication

func SaveTokens ¶

func SaveTokens(tokens *TokenStorage) error

SaveTokens stores authentication tokens securely in the OS keychain

Types ¶

type AuthResult ¶

type AuthResult struct {
	Code  string `json:"code"`
	OrgID string `json:"org_id,omitempty"`
}

AuthResult represents the result data passed through the callback channel

type OAuthConfig ¶

type OAuthConfig struct {
	Config   *oauth2.Config
	Verifier string
	State    string
}

OAuthConfig represents the OAuth2 configuration

func NewOAuthConfig ¶

func NewOAuthConfig() (*OAuthConfig, error)

NewOAuthConfig creates a new OAuth configuration with PKCE

func (*OAuthConfig) StartOAuthFlow ¶

func (oc *OAuthConfig) StartOAuthFlow(ctx context.Context) (*TokenStorage, error)

StartOAuthFlow initiates the OAuth flow with browser redirect

type TokenResponse ¶

type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
	TokenType    string `json:"token_type"`
	OrgID        string `json:"org_id"`
}

TokenResponse represents the OAuth token response

type TokenStorage ¶

type TokenStorage struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token"`
	ExpiresAt    time.Time `json:"expires_at"`
	OrgID        string    `json:"org_id"`
}

TokenStorage represents stored authentication tokens

func LoadTokens ¶

func LoadTokens() (*TokenStorage, error)

LoadTokens retrieves authentication tokens from secure storage

func RefreshTokens ¶

func RefreshTokens(ctx context.Context, tokens *TokenStorage) (*TokenStorage, error)

RefreshTokens refreshes the access token using the refresh token

func (*TokenStorage) IsExpired ¶

func (t *TokenStorage) IsExpired() bool

IsExpired checks if the access token is expired (with 5 minute buffer)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL