Documentation
Overview
Package commonhttp provides utilities to create HTTP clients configured with OAuth2 credentials and optional mutual TLS (mTLS).
Index
- func NewClient(cfg *commoncfg.HTTPClient) (*http.Client, error)
- func NewClientFromAPIToken(value *commoncfg.SourceRef) (*http.Client, error)
- func NewClientFromBasic(clientAuth *commoncfg.BasicAuth) (*http.Client, error)
- func NewClientFromOAuth2(clientAuth *commoncfg.OAuth2) (*http.Client, error)
- func NewHTTPClient(cfg *commoncfg.HTTPClient) (*http.Client, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewClient
func NewClient(cfg *commoncfg.HTTPClient) (*http.Client, error)
NewClient creates an *http.Client configured with optional TLS/mTLS and custom settings.
Supports:
- Timeout
- TLS minimum version (default TLS1.2)
- InsecureSkipVerify
- Custom root CAs
- Optional client certificates (mTLS)
Deprecated: to be replaced with NewHTTPClient.
func NewClientFromAPIToken (added in v1.13.0)
NewClientFromAPIToken creates a new *http.Client that automatically injects an API token into the Authorization header of every request.
The function expects a *commoncfg.SourceRef containing the API token. A SourceRef may reference a literal value, environment variable, file, or any other supported configuration source.
On success, the returned client wraps the default HTTP transport with a custom RoundTripper (clientAPITokenRoundTripper) which adds:
Authorization: Api-Token <token>
Parameters:
- value: pointer to a SourceRef pointing to the API token.
Returns:
- *http.Client: configured HTTP client
- error: if the token reference is nil, unreadable, or empty.
func NewClientFromBasic (added in v1.13.0)
NewClientFromBasic creates an *http.Client that automatically injects HTTP Basic Authentication credentials into every outgoing request.
The BasicAuth struct contains two SourceRef fields (Username and Password): each can come from literals, environment variables, files, etc.
Each request sent by the returned client is modified to include:
Authorization: Basic <base64(username:password)>
Parameters:
- clientAuth: pointer to BasicAuth config containing username & password.
Returns:
- *http.Client configured with a custom RoundTripper
- error if configuration is invalid or credentials cannot be loaded
func NewClientFromOAuth2 (added in v1.6.2)
NewClientFromOAuth2 creates a new HTTP client configured with OAuth2 credentials and optional mutual TLS (mTLS) transport.
This function prepares an *http.Client that automatically injects OAuth2 credentials into outgoing requests using a custom RoundTripper. The client can use multiple OAuth2 authentication methods and optionally mTLS.
Supported authentication methods:
- post (client_secret_post): injects "client_id" and "client_secret" into the request query parameters (or POST body, depending on usage).
- basic (client_secret_basic): sets the HTTP Basic Authorization header with clientID and clientSecret.
- jwt (client_secret_jwt): generates a JWT signed with a shared secret, injected as "client_assertion" with type "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
- private (private_key_jwt): uses a JWT assertion provided in ClientAssertion along with ClientAssertionType, injected as query parameters.
- none: PKCE flow (no client_secret required)
Only one authentication method may be configured at a time. If multiple conflicting credentials are provided, this function returns an error.
If mTLS configuration is provided, the client's transport will use the specified TLS certificates for client authentication.
Parameters:
- clientAuth: pointer to an OAuth2 configuration containing credentials, optional mTLS, and the authentication method to use.
Returns:
- *http.Client: an HTTP client that automatically applies the specified OAuth2 credentials and mTLS configuration to requests.
- error: if the configuration is invalid, required fields are missing, or mTLS loading fails.
func NewHTTPClient (added in v1.13.0)
func NewHTTPClient(cfg *commoncfg.HTTPClient) (*http.Client, error)
NewHTTPClient creates an *http.Client using the full HTTPClient configuration.
It supports the following authentication methods:
- Basic Auth
- OAuth2 (all supported grant types & auth methods)
- API Token authentication
It also configures:
- TLS configuration (optional mTLS)
- Transport attributes (timeouts, connection pooling)
- Global client timeout
Important behaviour:
- If an authentication method is used, the factory returns a client whose Transport is a wrapped RoundTripper (e.g., OAuth2, BasicAuth).
- This function preserves that RoundTripper and wraps it with a proper http.Transport when TLS or transport attributes must be applied.
- This avoids overwriting authentication transport logic.
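The layering described under "Important behaviour", combined with the Api-Token header injection of NewClientFromAPIToken, shown as an added example that is not the package's own code. The names tokenRT, newTokenClient and demo are hypothetical, the servers and token are constructed, and restricting the token to one HTTPS host is an assumption added here, not documented behaviour of commonhttp.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// tokenRT is a hypothetical auth RoundTripper; host pinning is an assumption.
type tokenRT struct {
	token, host string            // host: the only host:port that receives the token
	base        http.RoundTripper // inner transport that carries the TLS settings
}

func (t *tokenRT) RoundTrip(req *http.Request) (*http.Response, error) {
	if req.URL.Scheme == "https" && req.URL.Host == t.host { // other hosts get no credential
		req = req.Clone(req.Context()) // never mutate the caller's request
		req.Header.Set("Authorization", "Api-Token "+t.token)
	}
	return t.base.RoundTrip(req)
}

// newTokenClient keeps the auth wrapper outermost and puts TLS on the inner transport.
func newTokenClient(token, host string, cfg *tls.Config) *http.Client {
	return &http.Client{Transport: &tokenRT{token, host, &http.Transport{TLSClientConfig: cfg}}}
}

// demo calls a constructed API server that redirects elsewhere; returns both headers seen.
func demo(token string) (atAPI, atOther string, err error) {
	other := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		atOther = r.Header.Get("Authorization")
	}))
	defer other.Close()
	api := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		atAPI = r.Header.Get("Authorization")
		http.Redirect(w, r, other.URL, http.StatusFound)
	}))
	defer api.Close()
	cfg := api.Client().Transport.(*http.Transport).TLSClientConfig.Clone() // trusts the test CA
	cfg.MinVersion = tls.VersionTLS12
	resp, err := newTokenClient(token, api.Listener.Addr().String(), cfg).Get(api.URL)
	if err == nil {
		resp.Body.Close()
	}
	return atAPI, atOther, err
}

func main() { fmt.Println(demo("constructed-token")) }
```

A RoundTripper that sets the header unconditionally would also attach it to the redirected request, because the transport runs again for every hop.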
Types
This section is empty.