keychain

package
v1.0.36 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 6, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package keychain provides secure storage for OAuth tokens using platform-native secure storage mechanisms (macOS Keychain, Linux secret-tool) with file fallback.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrTokenNotFound indicates no token exists in storage
	ErrTokenNotFound = errors.New("no token found in secure storage")
)

Functions

func DeleteToken

func DeleteToken() error

DeleteToken removes the OAuth token from secure storage

func GetToken

func GetToken() (*oauth2.Token, error)

GetToken retrieves the OAuth token from secure storage

func HasStoredToken

func HasStoredToken() bool

HasStoredToken returns true if a token exists in secure storage

func IsSecureStorage

func IsSecureStorage() bool

IsSecureStorage returns true if using secure storage (keychain/secret-tool)

func MigrateFromFile

func MigrateFromFile(tokenFilePath string) error

MigrateFromFile migrates token.json to secure storage if it exists

func NewPersistentTokenSource

func NewPersistentTokenSource(ctx context.Context, config *oauth2.Config, initial *oauth2.Token) oauth2.TokenSource

NewPersistentTokenSource creates a TokenSource that persists refreshed tokens. When the underlying oauth2 package refreshes an expired token, this wrapper detects the change and saves the new token to secure storage.

func SetToken

func SetToken(token *oauth2.Token) error

SetToken stores the OAuth token in secure storage

Types

type PersistentTokenSource

type PersistentTokenSource struct {
	// contains filtered or unexported fields
}

PersistentTokenSource wraps a TokenSource and persists refreshed tokens. This solves the problem where oauth2's automatic token refresh doesn't persist the new token to storage.

func (*PersistentTokenSource) Token

func (p *PersistentTokenSource) Token() (*oauth2.Token, error)

Token returns a valid token, refreshing and persisting if necessary. This method is safe for concurrent use.

type StorageBackend

type StorageBackend string

StorageBackend represents where tokens are stored

const (
	BackendKeychain   StorageBackend = "Keychain"    // macOS Keychain
	BackendSecretTool StorageBackend = "secret-tool" // Linux libsecret
	BackendFile       StorageBackend = "config file" // File fallback
)

StorageBackend constants define where OAuth tokens are persisted.

func GetStorageBackend

func GetStorageBackend() StorageBackend

GetStorageBackend returns the current storage backend being used

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL