embedded

package
v0.65.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 26, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Re-exports of the public types, constants, sentinel errors, and helper functions implemented in internal/authcore. This is the public alias layer: when authcore's exported surface changes, mirror the intended-public symbols here. The Service facade itself lives in facade.go / facade_methods.go.

Package embedded is the public, embedder-facing API of AuthKit.

The full service implementation lives in internal/authcore (driven by the authkit/http transport). core re-exports the public data types, config, constants, sentinel errors, and helper functions (see aliases.go), and exposes a deliberately small Client facade: only the methods an embedding application needs to provision, manage, mint, and query. Auth-flow plumbing that exists solely to serve the HTTP handlers is intentionally NOT on this facade — it stays internal so the v1 contract stays small and stable.

Curated embedder-facing methods of the public embedded.Client facade. Each one delegates to the internal engine (s.impl, *authcore.Service). Driven by real consumer usage, kept minimal (see SEMVER.md, #126/#130).

Index

Constants

View Source 
const AssuranceLevelMFA = authcore.AssuranceLevelMFA

Re-exported constants.

View Source 
const AssuranceLevelPassword = authcore.AssuranceLevelPassword
View Source 
const DefaultBootstrapManifestPath = authcore.DefaultBootstrapManifestPath
View Source 
const DelegatedAccessTokenType = authcore.DelegatedAccessTokenType
View Source 
const EphemeralMemory = authcore.EphemeralMemory
View Source 
const EphemeralRedis = authcore.EphemeralRedis
View Source 
const ErrCodeInvalidEmail = authcore.ErrCodeInvalidEmail
View Source 
const ErrCodeInvalidPhoneNumber = authcore.ErrCodeInvalidPhoneNumber
View Source 
const ErrCodeOwnerSlugTaken = authcore.ErrCodeOwnerSlugTaken
View Source 
const ErrCodePasswordTooShort = authcore.ErrCodePasswordTooShort
View Source 
const ErrCodeRenameRateLimited = authcore.ErrCodeRenameRateLimited
View Source 
const ErrCodeUsernameCannotContainAt = authcore.ErrCodeUsernameCannotContainAt
View Source 
const ErrCodeUsernameCannotStartWithPlus = authcore.ErrCodeUsernameCannotStartWithPlus
View Source 
const ErrCodeUsernameInvalidCharacters = authcore.ErrCodeUsernameInvalidCharacters
View Source 
const ErrCodeUsernameMustStartWithLetter = authcore.ErrCodeUsernameMustStartWithLetter
View Source 
const ErrCodeUsernameNotAllowed = authcore.ErrCodeUsernameNotAllowed
View Source 
const ErrCodeUsernameTooLong = authcore.ErrCodeUsernameTooLong
View Source 
const ErrCodeUsernameTooShort = authcore.ErrCodeUsernameTooShort
View Source 
const HashAlgoLegacyResetRequired = authcore.HashAlgoLegacyResetRequired
View Source 
const KindChangeEmail = authcore.KindChangeEmail
View Source 
const KindChangePhone = authcore.KindChangePhone
View Source 
const KindRegisterEmail = authcore.KindRegisterEmail
View Source 
const KindRegisterPhone = authcore.KindRegisterPhone
View Source 
const MaxCustomJWTLifetime = authcore.MaxCustomJWTLifetime
View Source 
const OwnerRoleName = authcore.OwnerRoleName
View Source 
const PasswordlessChannelEmail = authcore.PasswordlessChannelEmail
View Source 
const PasswordlessChannelSMS = authcore.PasswordlessChannelSMS
View Source 
const PasswordlessModeBoth = authcore.PasswordlessModeBoth
View Source 
const PasswordlessModeCode = authcore.PasswordlessModeCode
View Source 
const PasswordlessModeLink = authcore.PasswordlessModeLink
View Source 
const PermRootCredentialsManage = authcore.PermRootCredentialsManage
View Source 
const PermRootResourcesRead = authcore.PermRootResourcesRead
View Source 
const PermRootRolesManage = authcore.PermRootRolesManage
View Source 
const PermRootUsersBan = authcore.PermRootUsersBan
View Source 
const PermRootUsersDelete = authcore.PermRootUsersDelete
View Source 
const PermRootUsersRecover = authcore.PermRootUsersRecover
View Source 
const RegistrationModeAdminBootstrapOnly = authcore.RegistrationModeAdminBootstrapOnly
View Source 
const RegistrationModeAdminOnly = authcore.RegistrationModeAdminOnly
View Source 
const RegistrationModeClosed = authcore.RegistrationModeClosed
View Source 
const RegistrationModeInviteOnly = authcore.RegistrationModeInviteOnly
View Source 
const RegistrationModeManifestOnly = authcore.RegistrationModeManifestOnly
View Source 
const RegistrationModeOpen = authcore.RegistrationModeOpen
View Source 
const RegistrationVerificationNone = authcore.RegistrationVerificationNone
View Source 
const RegistrationVerificationOptional = authcore.RegistrationVerificationOptional
View Source 
const RegistrationVerificationRequired = authcore.RegistrationVerificationRequired
View Source 
const RemoteApplicationAccessTokenType = authcore.RemoteApplicationAccessTokenType
View Source 
const RootPersona = authcore.RootPersona
View Source 
const SensitiveActionFreshAuthWindow = authcore.SensitiveActionFreshAuthWindow
View Source 
const ServiceJWTType = authcore.ServiceJWTType
View Source 
const SessionEventCreated = authcore.SessionEventCreated
View Source 
const SessionEventFailed = authcore.SessionEventFailed
View Source 
const SessionEventPasswordChange = authcore.SessionEventPasswordChange
View Source 
const SessionEventPasswordRecovery = authcore.SessionEventPasswordRecovery
View Source 
const SessionEventRevoked = authcore.SessionEventRevoked
View Source 
const SessionRevokeReasonAdminRevoke = authcore.SessionRevokeReasonAdminRevoke
View Source 
const SessionRevokeReasonAdminRevokeAll = authcore.SessionRevokeReasonAdminRevokeAll
View Source 
const SessionRevokeReasonAdminSetPassword = authcore.SessionRevokeReasonAdminSetPassword
View Source 
const SessionRevokeReasonBanned = authcore.SessionRevokeReasonBanned
View Source 
const SessionRevokeReasonEvicted = authcore.SessionRevokeReasonEvicted
View Source 
const SessionRevokeReasonLogout = authcore.SessionRevokeReasonLogout
View Source 
const SessionRevokeReasonPasswordChange = authcore.SessionRevokeReasonPasswordChange
View Source 
const SessionRevokeReasonRefreshReuseDetected = authcore.SessionRevokeReasonRefreshReuseDetected
View Source 
const SessionRevokeReasonSoftDeleted = authcore.SessionRevokeReasonSoftDeleted
View Source 
const SessionRevokeReasonUnknown = authcore.SessionRevokeReasonUnknown
View Source 
const SessionRevokeReasonUserDisabled = authcore.SessionRevokeReasonUserDisabled
View Source 
const SessionRevokeReasonUserRevoke = authcore.SessionRevokeReasonUserRevoke
View Source 
const SessionRevokeReasonUserRevokeAll = authcore.SessionRevokeReasonUserRevokeAll
View Source 
const SolanaProviderSlug = authcore.SolanaProviderSlug
View Source 
const SolanaSNSStatusDisabled = authcore.SolanaSNSStatusDisabled
View Source 
const SolanaSNSStatusError = authcore.SolanaSNSStatusError
View Source 
const SolanaSNSStatusNotFound = authcore.SolanaSNSStatusNotFound
View Source 
const SolanaSNSStatusPending = authcore.SolanaSNSStatusPending
View Source 
const SolanaSNSStatusResolved = authcore.SolanaSNSStatusResolved
View Source 
const SolanaSNSStatusStale = authcore.SolanaSNSStatusStale
View Source 
const SubjectKindRemoteApp = authcore.SubjectKindRemoteApp
View Source 
const SubjectKindUser = authcore.SubjectKindUser

Variables

View Source 
var BuildSchema = authcore.BuildSchema

Re-exported variables, sentinel errors, and functions.

View Source 
var IntrinsicRootPermissions = authcore.IntrinsicRootPermissions

#136 no-escalation role-assignment errors.

View Source 
var IntrinsicRootPersona = authcore.IntrinsicRootPersona
View Source 
var IsDevEnvironment = authcore.IsDevEnvironment
View Source 
var LoadBootstrapManifestFile = authcore.LoadBootstrapManifestFile
View Source 
var MintDelegatedAccessToken = authcore.MintDelegatedAccessToken
View Source 
var MintRemoteApplicationAccessToken = authcore.MintRemoteApplicationAccessToken
View Source 
var MintServiceJWT = authcore.MintServiceJWT
View Source 
var NewGroupSchema = authcore.NewGroupSchema
View Source 
var NewPermissionGroupStore = authcore.NewPermissionGroupStore
View Source 
var NormalizeEmail = authcore.NormalizeEmail
View Source 
var NormalizePhone = authcore.NormalizePhone
View Source 
var NormalizePreferredLanguage = authcore.NormalizePreferredLanguage
View Source 
var NormalizeRemoteAppTrustSource = authcore.NormalizeRemoteAppTrustSource
View Source 
var OwnerGrant = authcore.OwnerGrant
View Source 
var ParseBootstrapManifestYAML = authcore.ParseBootstrapManifestYAML
View Source 
var PermCredentialsManage = authcore.PermCredentialsManage
View Source 
var PermCredentialsRead = authcore.PermCredentialsRead
View Source 
var PermMembersManage = authcore.PermMembersManage
View Source 
var PermMembersRead = authcore.PermMembersRead
View Source 
var PermRolesManage = authcore.PermRolesManage
View Source 
var PermRolesRead = authcore.PermRolesRead
View Source 
var PermissionPersona = authcore.PermissionPersona
View Source 
var ValidateEmail = authcore.ValidateEmail
View Source 
var ValidateGrantPattern = authcore.ValidateGrantPattern
View Source 
var ValidatePassword = authcore.ValidatePassword
View Source 
var ValidatePermission = authcore.ValidatePermission
View Source 
var ValidatePhone = authcore.ValidatePhone
View Source 
var ValidateUsername = authcore.ValidateUsername
View Source 
var ValidationErrorCode = authcore.ValidationErrorCode
View Source 
var WithAPIKeyResourceAuthorizer = authcore.WithAPIKeyResourceAuthorizer
View Source 
var WithAuthLogger = authcore.WithAuthLogger
View Source 
var WithDBTXWrapper = authcore.WithDBTXWrapper
View Source 
var WithEmailSender = authcore.WithEmailSender
View Source 
var WithEntitlements = authcore.WithEntitlements
View Source 
var WithEphemeralStore = authcore.WithEphemeralStore
View Source 
var WithPostgres = authcore.WithPostgres
View Source 
var WithSMSSender = authcore.WithSMSSender
View Source 
var WithSessionRevokeReason = authcore.WithSessionRevokeReason
View Source 
var WithSolanaSNSResolver = authcore.WithSolanaSNSResolver

Functions

This section is empty.

Types

type APIKeyResourceAuthorizationRequest 

type APIKeyResourceAuthorizationRequest = authcore.APIKeyResourceAuthorizationRequest

type APIKeyResourceAuthorizer 

type APIKeyResourceAuthorizer = authcore.APIKeyResourceAuthorizer

type APIKeyResourceAuthorizerFunc 

type APIKeyResourceAuthorizerFunc = authcore.APIKeyResourceAuthorizerFunc

type APIKeysConfig 

type APIKeysConfig = authcore.APIKeysConfig

type AdminRecoverUserInput 

type AdminRecoverUserInput = authcore.AdminRecoverUserInput

type AuthEventLogReader 

type AuthEventLogReader = authcore.AuthEventLogReader

type AuthEventLogger 

type AuthEventLogger = authcore.AuthEventLogger

type AuthSessionEvent 

type AuthSessionEvent = authcore.AuthSessionEvent

type BatchEntitlementsProvider 

type BatchEntitlementsProvider = authcore.BatchEntitlementsProvider

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is the public AuthKit service facade. It wraps the internal engine and exposes the curated embedder API (facade_methods.go). Construct it with NewFromConfig (recommended) or NewService.

func New 

func New(cfg Config, pg *pgxpool.Pool, extraOpts ...Option) (*Client, error)

NewFromConfig builds a Client from host configuration. Postgres is required (positional); optional dependencies are functional options.

func Wrap 

func Wrap(impl *authcore.Service) *Client

Wrap adapts an internal engine into the public facade. It is used by the authkit/http transport to back svc.Client(); the parameter type lives in internal/ and cannot be named (or constructed) outside the module, so this does not expose the full engine to external callers.

func (*Client) AdminCountUsers 

func (s *Client) AdminCountUsers(ctx context.Context, opts authkit.AdminUserListOptions) (int64, error)

func (*Client) AdminGetUser 

func (s *Client) AdminGetUser(ctx context.Context, id string) (*authkit.AdminUser, error)

func (*Client) AdminListUserSessions 

func (s *Client) AdminListUserSessions(ctx context.Context, userID string) ([]authkit.Session, error)

func (*Client) AdminListUsers 

func (s *Client) AdminListUsers(ctx context.Context, opts authkit.AdminUserListOptions) (*authkit.AdminListUsersResult, error)

func (*Client) AdminRevokeUserSessions 

func (s *Client) AdminRevokeUserSessions(ctx context.Context, userID string) error

func (*Client) AdminSetPassword 

func (s *Client) AdminSetPassword(ctx context.Context, userID, new string) error

func (*Client) ApplyBootstrapManifest 

func (s *Client) ApplyBootstrapManifest(ctx context.Context, manifest authkit.BootstrapManifest, opts authkit.BootstrapReconcileOptions) (authkit.BootstrapManifestResult, error)

func (*Client) ApplyBootstrapManifestFile 

func (s *Client) ApplyBootstrapManifestFile(ctx context.Context, path string, opts authkit.BootstrapReconcileOptions) (authkit.BootstrapManifestResult, error)

func (*Client) AssignGroupRole 

func (s *Client) AssignGroupRole(ctx context.Context, persona, instanceSlug, subjectID, subjectKind, role string) error

func (*Client) AssignGroupRoleAs 

func (s *Client) AssignGroupRoleAs(ctx context.Context, actorUserID, persona, instanceSlug, subjectID, subjectKind, role string) error

func (*Client) AssignRoleBySlug 

func (s *Client) AssignRoleBySlug(ctx context.Context, userID, slug string) error

func (*Client) AssignRoleBySlugAs 

func (s *Client) AssignRoleBySlugAs(ctx context.Context, actorUserID, userID, slug string) error

AssignRoleBySlugAs / RemoveRoleBySlugAs / AssignGroupRoleAs / UnassignGroupRoleAs are the actor-aware role-change methods (#136): they enforce the actor's <persona>:members:manage capability + no-escalation (perms(role) ⊆ perms(actor)) in embedded. Runtime/admin endpoints MUST use these; the non-As methods are the unchecked genesis path (bootstrap/migration).

func (*Client) BanUser 

func (s *Client) BanUser(ctx context.Context, userID string, reason *string, until *time.Time, bannedBy string) error

func (*Client) Can 

func (s *Client) Can(ctx context.Context, subjectID, subjectKind, persona, instanceSlug, perm string) (bool, error)

func (*Client) ChangePassword 

func (s *Client) ChangePassword(ctx context.Context, userID, current, new string, keepSessionID *string) error

func (*Client) CheckSMSHealth 

func (s *Client) CheckSMSHealth(ctx context.Context) error

func (*Client) CleanupExpiredAuthState 

func (s *Client) CleanupExpiredAuthState(ctx context.Context) error

func (*Client) ClearPasswordlessCodeAttempts 

func (s *Client) ClearPasswordlessCodeAttempts(ctx context.Context, identifier string)

func (*Client) ConfirmPasswordlessCode 

func (s *Client) ConfirmPasswordlessCode(ctx context.Context, identifier, code string) (authkit.PasswordlessConfirmResult, error)

func (*Client) ConfirmPasswordlessToken 

func (s *Client) ConfirmPasswordlessToken(ctx context.Context, token string) (authkit.PasswordlessConfirmResult, error)
func (s *Client) CreateGroupInviteLink(ctx context.Context, req authkit.CreateGroupInviteLinkRequest) (authkit.GroupInviteLinkCreated, error)

CreateGroupInviteLink mints a permission-group invite link (#134); the returned Code is the plaintext shown ONCE. Gated on the registration mode permitting invited self-registration (authkit.ErrExternalInvitesDisabled otherwise).

func (*Client) CreatePermissionGroup 

func (s *Client) CreatePermissionGroup(ctx context.Context, req authkit.CreatePermissionGroupRequest) (string, error)

func (*Client) CreateUser 

func (s *Client) CreateUser(ctx context.Context, email, username string) (*authkit.User, error)

func (*Client) DeleteRemoteApplication 

func (s *Client) DeleteRemoteApplication(ctx context.Context, issuer string) error

func (*Client) EnsureRootGroup 

func (s *Client) EnsureRootGroup(ctx context.Context) (string, error)

func (*Client) EntitlementsProvider 

func (s *Client) EntitlementsProvider() EntitlementsProvider

func (*Client) EphemeralMode 

func (s *Client) EphemeralMode() EphemeralMode

func (*Client) ExchangeRefreshToken 

func (s *Client) ExchangeRefreshToken(ctx context.Context, refreshToken string, ua string, ip net.IP) (string, time.Time, string, error)

func (*Client) ExternalInvitesEnabled 

func (s *Client) ExternalInvitesEnabled() bool

ExternalInvitesEnabled reports whether invite-link minting is permitted by the configured registration mode.

func (*Client) GetEmailByUserID 

func (s *Client) GetEmailByUserID(ctx context.Context, id string) (string, error)

func (*Client) GetProviderUsername 

func (s *Client) GetProviderUsername(ctx context.Context, userID, provider string) (string, error)

func (*Client) GetRemoteApplication 

func (s *Client) GetRemoteApplication(ctx context.Context, issuer string) (*authkit.RemoteApplication, error)

func (*Client) GetUserByEmail 

func (s *Client) GetUserByEmail(ctx context.Context, email string) (*authkit.User, error)

func (*Client) GetUserByPhone 

func (s *Client) GetUserByPhone(ctx context.Context, phone string) (*authkit.User, error)

func (*Client) GetUserBySolanaAddress 

func (s *Client) GetUserBySolanaAddress(ctx context.Context, address string) (*authkit.User, error)

func (*Client) GetUserByUsername 

func (s *Client) GetUserByUsername(ctx context.Context, username string) (*authkit.User, error)

func (*Client) GetUserMetadata 

func (s *Client) GetUserMetadata(ctx context.Context, userID string) (map[string]any, error)

func (*Client) HardDeleteUser 

func (s *Client) HardDeleteUser(ctx context.Context, userID string) error

func (*Client) HasEmailSender 

func (s *Client) HasEmailSender() bool

func (*Client) HasSMSSender 

func (s *Client) HasSMSSender() bool

func (*Client) ImportUsers 

func (s *Client) ImportUsers(ctx context.Context, inputs []authkit.ImportUserInput) (authkit.ImportUsersResult, error)

func (*Client) IsUserAllowed 

func (s *Client) IsUserAllowed(ctx context.Context, userID string) (bool, error)

func (*Client) IssueAccessToken 

func (s *Client) IssueAccessToken(ctx context.Context, userID, email string, extra map[string]any) (string, time.Time, error)

func (*Client) JWKS 

func (s *Client) JWKS() jwtkit.JWKS

func (*Client) Keyfunc 

func (s *Client) Keyfunc() func(token *jwt.Token) (any, error)

func (*Client) LinkProvider 

func (s *Client) LinkProvider(ctx context.Context, userID, provider, subject string, email *string) error

func (*Client) LinkProviderByIssuer 

func (s *Client) LinkProviderByIssuer(ctx context.Context, userID, issuer, providerSlug, subject string, email *string) error

func (*Client) ListAPIKeys 

func (s *Client) ListAPIKeys(ctx context.Context, persona, instanceSlug string) ([]authkit.APIKey, error)

func (*Client) ListEffectivePermissions 

func (s *Client) ListEffectivePermissions(ctx context.Context, subjectID, subjectKind, persona, instanceSlug string) ([]string, error)

ListEffectivePermissions returns the subject's effective grant PATTERNS in the group addressed by (persona, instanceSlug) — the introspection primitive behind a "what can I do here" endpoint (#421). Globs (e.g. `root:*`) are returned verbatim; an unknown group yields an empty set (fail-closed on real errors).

func (*Client) ListEntitlements 

func (s *Client) ListEntitlements(ctx context.Context, userID string) []string
func (s *Client) ListGroupInviteLinks(ctx context.Context, persona, instanceSlug string) ([]authkit.GroupInviteLink, error)

ListGroupInviteLinks lists a group's invite links (never returns the code).

func (*Client) ListGroupMembers 

func (s *Client) ListGroupMembers(ctx context.Context, persona, instanceSlug string) ([]authkit.GroupMember, error)

func (*Client) ListRemoteApplications 

func (s *Client) ListRemoteApplications(ctx context.Context, activeOnly bool) ([]authkit.RemoteApplication, error)

func (*Client) ListRoleSlugsByUser 

func (s *Client) ListRoleSlugsByUser(ctx context.Context, userID string) []string

func (*Client) ListRoleSlugsByUserErr 

func (s *Client) ListRoleSlugsByUserErr(ctx context.Context, userID string) ([]string, error)

ListRoleSlugsByUserErr is the error-propagating ListRoleSlugsByUser (#136): role-resolution failures are returned (not swallowed into an empty slice) so authz callers can fail closed.

func (*Client) ListSubjectGroups 

func (s *Client) ListSubjectGroups(ctx context.Context, subjectID, subjectKind string) ([]authkit.SubjectGroupMembership, error)

func (*Client) ListUserSessions 

func (s *Client) ListUserSessions(ctx context.Context, userID string) ([]authkit.Session, error)

func (*Client) ListUsersDeletedBefore 

func (s *Client) ListUsersDeletedBefore(ctx context.Context, cutoff time.Time, limit int) ([]string, error)

func (*Client) MintAPIKey 

func (s *Client) MintAPIKey(ctx context.Context, persona, instanceSlug, name, role, createdBy string, expiresAt *time.Time) (authkit.APIKey, string, error)

func (*Client) MintAPIKeyWithOptions 

func (s *Client) MintAPIKeyWithOptions(ctx context.Context, persona, instanceSlug string, opts authkit.APIKeyMintOptions) (authkit.APIKey, string, error)

func (*Client) MintCustomJWT 

func (s *Client) MintCustomJWT(ctx context.Context, opts authkit.CustomJWTMintOptions) (string, error)

func (*Client) MintDelegatedAccessToken 

func (s *Client) MintDelegatedAccessToken(ctx context.Context, p authkit.DelegatedAccessParams) (string, error)

func (*Client) MintRemoteApplicationAccessToken 

func (s *Client) MintRemoteApplicationAccessToken(ctx context.Context, p authkit.RemoteApplicationAccessParams) (string, error)

func (*Client) MintServiceJWT 

func (s *Client) MintServiceJWT(ctx context.Context, opts authkit.ServiceJWTMintOptions) (string, authkit.ServiceJWTClaims, error)

func (*Client) Options 

func (s *Client) Options() Options

func (*Client) PatchUserMetadata 

func (s *Client) PatchUserMetadata(ctx context.Context, userID string, patch map[string]any) error

func (*Client) Postgres 

func (s *Client) Postgres() *pgxpool.Pool

func (*Client) PublicKeysByKID 

func (s *Client) PublicKeysByKID() map[string]crypto.PublicKey

func (*Client) RecordFailedPasswordlessCode 

func (s *Client) RecordFailedPasswordlessCode(ctx context.Context, identifier string)
func (s *Client) RedeemGroupInviteLink(ctx context.Context, code, redeemerUserID string) (authkit.RedeemGroupInviteLinkResult, error)

RedeemGroupInviteLink redeems code for the authenticated redeemer, assigning the link's role and returning where it applied.

func (*Client) RemoveGroupSubjectAs 

func (s *Client) RemoveGroupSubjectAs(ctx context.Context, actorUserID, persona, instanceSlug, subjectID, subjectKind string) error

RemoveGroupSubjectAs is the actor-aware whole-subject revoke (#136): it enforces no-escalation across every role the subject holds before stripping them. HTTP member-removal MUST use this; the unchecked RemoveGroupSubject is genesis-only.

func (*Client) RemoveRoleBySlug 

func (s *Client) RemoveRoleBySlug(ctx context.Context, userID, slug string) error

func (*Client) RemoveRoleBySlugAs 

func (s *Client) RemoveRoleBySlugAs(ctx context.Context, actorUserID, userID, slug string) error

func (*Client) ResolveAPIKey 

func (s *Client) ResolveAPIKey(ctx context.Context, keyID, secret string) (string, []string, error)

func (*Client) ResolveAPIKeyWithResources 

func (s *Client) ResolveAPIKeyWithResources(ctx context.Context, keyID, secret string) (authkit.ResolvedAPIKey, error)

func (*Client) ResolveGroupIDForSlug 

func (s *Client) ResolveGroupIDForSlug(ctx context.Context, persona, instanceSlug string) (string, error)

func (*Client) ResolveRemoteAppAttributeDef 

func (s *Client) ResolveRemoteAppAttributeDef(ctx context.Context, appID, key string, version int32) (*authkit.RemoteAppAttributeDef, error)

func (*Client) ResolveRemoteApplicationAuthority 

func (s *Client) ResolveRemoteApplicationAuthority(ctx context.Context, appID string) ([]string, error)

func (*Client) RestoreUser 

func (s *Client) RestoreUser(ctx context.Context, id string) error

func (*Client) RevokeAPIKey 

func (s *Client) RevokeAPIKey(ctx context.Context, persona, instanceSlug, tokenID string) (bool, error)

func (*Client) RevokeAllSessions 

func (s *Client) RevokeAllSessions(ctx context.Context, userID string, keepSessionID *string) error
func (s *Client) RevokeGroupInviteLink(ctx context.Context, persona, instanceSlug, linkID string) error

RevokeGroupInviteLink revokes a group's invite link by id.

func (*Client) SMSAvailable 

func (s *Client) SMSAvailable() bool

func (*Client) Schema 

func (s *Client) Schema() string

func (*Client) SeedPermissionGroupContainment 

func (s *Client) SeedPermissionGroupContainment(ctx context.Context) error

func (*Client) SetEmailVerified 

func (s *Client) SetEmailVerified(ctx context.Context, id string, v bool) error

func (*Client) SetEntitlementsProvider 

func (s *Client) SetEntitlementsProvider(p EntitlementsProvider)

func (*Client) SoftDeleteUser 

func (s *Client) SoftDeleteUser(ctx context.Context, id string) error

func (*Client) StartPasswordless 

func (s *Client) StartPasswordless(ctx context.Context, req authkit.PasswordlessStartRequest) (authkit.PasswordlessStartResult, error)

func (*Client) TimeUntilUsernameRenameAvailable 

func (s *Client) TimeUntilUsernameRenameAvailable(ctx context.Context, userID string, now time.Time) (int64, error)

func (*Client) UnassignGroupRoleAs 

func (s *Client) UnassignGroupRoleAs(ctx context.Context, actorUserID, persona, instanceSlug, subjectID, subjectKind, role string) error

func (*Client) UnbanUser 

func (s *Client) UnbanUser(ctx context.Context, userID string) error

func (*Client) UnlinkProvider 

func (s *Client) UnlinkProvider(ctx context.Context, userID, provider string) error

func (*Client) UpdateBiography 

func (s *Client) UpdateBiography(ctx context.Context, id string, bio *string) error

func (*Client) UpdateEmail 

func (s *Client) UpdateEmail(ctx context.Context, id, email string) error

func (*Client) UpdateImportedUser 

func (s *Client) UpdateImportedUser(ctx context.Context, userID string, input authkit.ImportUserInput) (*authkit.User, error)

func (*Client) UpdateUsername 

func (s *Client) UpdateUsername(ctx context.Context, id, username string) error

func (*Client) UpsertPasswordHash 

func (s *Client) UpsertPasswordHash(ctx context.Context, userID, hash, algo string, params []byte) error

func (*Client) UpsertRemoteApplication 

func (s *Client) UpsertRemoteApplication(ctx context.Context, in authkit.RemoteApplication) (*authkit.RemoteApplication, error)

func (*Client) UpsertRoleBySlug 

func (s *Client) UpsertRoleBySlug(ctx context.Context, name, slug string, description *string) error

func (*Client) ValidateVerificationConfiguration 

func (s *Client) ValidateVerificationConfiguration() error

func (*Client) VerifyUserPassword 

func (s *Client) VerifyUserPassword(ctx context.Context, userID, pass string) bool

type Config 

type Config = authcore.Config

type CustomRoleResolver 

type CustomRoleResolver = authcore.CustomRoleResolver

type EmailSender 

type EmailSender = authcore.EmailSender

type EntitlementFilterProvider 

type EntitlementFilterProvider = authcore.EntitlementFilterProvider

type EntitlementsProvider 

type EntitlementsProvider = authcore.EntitlementsProvider

type EphemeralMode 

type EphemeralMode = authcore.EphemeralMode

type EphemeralStore 

type EphemeralStore = authcore.EphemeralStore

type FrontendConfig 

type FrontendConfig = authcore.FrontendConfig

type GeneratedRoute 

type GeneratedRoute = authcore.GeneratedRoute

type GroupAssignment 

type GroupAssignment = authcore.GroupAssignment

type GroupInviteEmailSender 

type GroupInviteEmailSender = authcore.GroupInviteEmailSender

type GroupInviteMessage 

type GroupInviteMessage = authcore.GroupInviteMessage

type GroupSchema 

type GroupSchema = authcore.GroupSchema

type IdentityConfig 

type IdentityConfig = authcore.IdentityConfig

type KeysConfig 

type KeysConfig = authcore.KeysConfig

type Keyset 

type Keyset = authcore.Keyset

type ManagementProfile 

type ManagementProfile = authcore.ManagementProfile

type Option 

type Option = authcore.Option

type Options 

type Options = authcore.Options

type Passkey 

type Passkey = authcore.Passkey

type PasskeyConfig 

type PasskeyConfig = authcore.PasskeyConfig

type PasskeyLoginResult 

type PasskeyLoginResult = authcore.PasskeyLoginResult

type PendingChangeKind 

type PendingChangeKind = authcore.PendingChangeKind

type PendingRegistration 

type PendingRegistration = authcore.PendingRegistration

type PermissionDef 

type PermissionDef = authcore.PermissionDef

type PermissionGroupStore 

type PermissionGroupStore = authcore.PermissionGroupStore

type PersonaDef 

type PersonaDef = authcore.PersonaDef

type RBACConfig 

type RBACConfig = authcore.RBACConfig

type RegistrationConfig 

type RegistrationConfig = authcore.RegistrationConfig

type RegistrationMode 

type RegistrationMode = authcore.RegistrationMode

type RegistrationVerificationPolicy 

type RegistrationVerificationPolicy = authcore.RegistrationVerificationPolicy

type RemovedMFARoleAssignment 

type RemovedMFARoleAssignment = authcore.RemovedMFARoleAssignment

type RoleDef 

type RoleDef = authcore.RoleDef

type SMSHealthChecker 

type SMSHealthChecker = authcore.SMSHealthChecker

type SMSSender 

type SMSSender = authcore.SMSSender

type SessionEventType 

type SessionEventType = authcore.SessionEventType

type SessionFreshness 

type SessionFreshness = authcore.SessionFreshness

type SessionRevokeReason 

type SessionRevokeReason = authcore.SessionRevokeReason

type SolanaConfig 

type SolanaConfig = authcore.SolanaConfig

type SolanaLinkedAccount 

type SolanaLinkedAccount = authcore.SolanaLinkedAccount

type SolanaSNSResolver 

type SolanaSNSResolver = authcore.SolanaSNSResolver

type TokenConfig 

type TokenConfig = authcore.TokenConfig

type TwoFactorConfig 

type TwoFactorConfig = authcore.TwoFactorConfig

type TwoFactorFactor 

type TwoFactorFactor = authcore.TwoFactorFactor

type TwoFactorSettings 

type TwoFactorSettings = authcore.TwoFactorSettings

type ValidationError 

type ValidationError = authcore.ValidationError

type VerificationMessage 

type VerificationMessage = authcore.VerificationMessage

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.