Documentation
Index ¶
- Constants
- Variables
- func GetFreePort(ctx context.Context) (int, error)
- func GetSDKAuthOptionFromProfile(profile *profiles.OtdfctlProfileStore) (sdk.Option, error)
- func GetTokenWithClientCreds(ctx context.Context, endpoint string, clientID string, clientSecret string, ...) (*oauth2.Token, error)
- func GetTokenWithProfile(ctx context.Context, profile *profiles.OtdfctlProfileStore) (*oauth2.Token, error)
- func HasRefreshToken(profile *profiles.OtdfctlProfileStore) bool
- func IsTokenExpired(profile *profiles.OtdfctlProfileStore) bool
- func Login(ctx context.Context, ...) (*oauth2.Token, error)
- func LoginWithPKCE(ctx context.Context, host, clientID string, tlsNoVerify bool, port string) (*oauth2.Token, error)
- func NormalizeScopes(scopes []string) []string
- func RefreshAccessToken(ctx context.Context, profile *profiles.OtdfctlProfileStore) error
- func RevokeAccessToken(ctx context.Context, endpoint, clientID, refreshToken string, tlsNoVerify bool) error
- func ValidateProfileAuthCredentials(ctx context.Context, profile *profiles.OtdfctlProfileStore) error
- type ClientCredentials
- type JWTClaims
Constants ¶
const (
	// DefaultPublicClientID is the default client ID for the public OAuth client.
	// NOTE(review): presumably used by the PKCE login flows when the caller
	// supplies no client ID — confirm against callers.
	DefaultPublicClientID = "cli-client"
)
Variables ¶
// Sentinel errors exported by this package. Match them with errors.Is rather
// than by comparing message text.
var (
	// ErrAccessTokenExpired reports that the access token has expired.
	ErrAccessTokenExpired = errors.New("access token expired")
	// ErrAccessTokenNotFound reports that no access token was found.
	ErrAccessTokenNotFound = errors.New("no access token found")
	// ErrClientCredentialsNotFound reports that client credentials were not found.
	ErrClientCredentialsNotFound = errors.New("client credentials not found")
	// ErrInvalidAuthType reports an auth type that is not valid.
	ErrInvalidAuthType = errors.New("invalid auth type")
	// ErrUnauthenticated reports that the user is not logged in.
	ErrUnauthenticated = errors.New("not logged in")
	// ErrParsingAccessToken reports that the access token could not be parsed.
	ErrParsingAccessToken = errors.New("failed to parse access token")
	// ErrProfileCredentialsNotFound reports that the profile has no credentials.
	ErrProfileCredentialsNotFound = errors.New("profile missing credentials")
	// ErrNoRefreshToken reports that no refresh token is available.
	ErrNoRefreshToken = errors.New("no refresh token available")
	// ErrRefreshFailed reports that refreshing the token failed.
	ErrRefreshFailed = errors.New("token refresh failed")
)
Functions ¶
func GetFreePort ¶
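GetFreePort returns an available TCP port on localhost. It asks the operating system to assign a free port (by using port 0) and returns the assigned port number. Only the number is returned, so the port is not reserved for the caller: another local process may bind it first, and callers should handle a failed bind.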
func GetSDKAuthOptionFromProfile ¶
func GetSDKAuthOptionFromProfile(profile *profiles.OtdfctlProfileStore) (sdk.Option, error)
func GetTokenWithClientCreds ¶
func GetTokenWithClientCreds(ctx context.Context, endpoint string, clientID string, clientSecret string, tlsNoVerify bool, scopes []string) (*oauth2.Token, error)
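GetTokenWithClientCreds uses the OAuth2 client credentials flow to obtain a token. The tlsNoVerify parameter presumably disables TLS certificate verification for the token request; because that request carries the client secret, it should stay false outside local testing.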
func GetTokenWithProfile ¶
func HasRefreshToken ¶ added in v0.33.0
func HasRefreshToken(profile *profiles.OtdfctlProfileStore) bool
HasRefreshToken checks if the profile has a refresh token.
func IsTokenExpired ¶ added in v0.33.0
func IsTokenExpired(profile *profiles.OtdfctlProfileStore) bool
IsTokenExpired checks if the access token in the profile is expired. Returns false for non-access-token auth types since refresh only applies there.
func Login ¶
func Login(ctx context.Context, platformEndpoint, tokenURL, authURL, publicClientID, authCodeFlowPort string) (*oauth2.Token, error)
Login facilitates an authorization code flow with PKCE to obtain OIDC tokens. It starts a local server to handle the callback and opens a browser window using the mechanism appropriate to the host OS.
func LoginWithPKCE ¶
func LoginWithPKCE(ctx context.Context, host, clientID string, tlsNoVerify bool, port string) (*oauth2.Token, error)
LoginWithPKCE logs in using the authorization code flow with PKCE, driven by the IdP OIDC configuration taken from the platform's well-known configuration.
func NormalizeScopes ¶
func RefreshAccessToken ¶ added in v0.33.0
func RefreshAccessToken(ctx context.Context, profile *profiles.OtdfctlProfileStore) error
RefreshAccessToken refreshes the access token using the stored refresh token and updates the profile with the new tokens.
func RevokeAccessToken ¶
func RevokeAccessToken(ctx context.Context, endpoint, clientID, refreshToken string, tlsNoVerify bool) error
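RevokeAccessToken revokes the access token. Note that the signature takes the refresh token, not the access token, as its token argument.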
func ValidateProfileAuthCredentials ¶
func ValidateProfileAuthCredentials(ctx context.Context, profile *profiles.OtdfctlProfileStore) error
Types ¶
type ClientCredentials ¶
// ClientCredentials holds a client ID, a client secret and an optional list of
// scopes, with JSON tags for each field.
type ClientCredentials struct {
	// ClientID is the client identifier (JSON key "clientId").
	ClientID string `json:"clientId"`
	// ClientSecret is the client's secret (JSON key "clientSecret"). The field is
	// tagged for JSON, so marshaling this struct emits the secret in plaintext;
	// avoid logging or dumping values of this type.
	ClientSecret string `json:"clientSecret"`
	// Scopes is an optional list of scopes; it is omitted from JSON when empty.
	Scopes []string `json:"scopes,omitempty"`
}
func GetClientCredsFromFile ¶
func GetClientCredsFromFile(filepath string) (ClientCredentials, error)
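GetClientCredsFromFile retrieves client credentials by reading the specified file. The returned value includes the client secret, so the file should be readable only by the user running the tool.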
func GetClientCredsFromJSON ¶
func GetClientCredsFromJSON(credsJSON []byte) (ClientCredentials, error)
GetClientCredsFromJSON parses the JSON and returns the client credentials: the client ID, the client secret and any scopes.