client

package
v0.0.41 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 2, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package client provides client-side authentication utilities for oneauth. It includes credential storage, automatic token refresh, and HTTP client helpers.

Index

Constants

View Source
const RefreshThreshold = 5 * time.Minute

RefreshThreshold is how long before expiry to proactively refresh

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthClient

type AuthClient struct {
	// contains filtered or unexported fields
}

AuthClient is an HTTP client with automatic token management

func NewAuthClient

func NewAuthClient(serverURL string, store CredentialStore, opts ...ClientOption) *AuthClient

NewAuthClient creates a new authenticated HTTP client for a server

func (*AuthClient) GetCredential

func (c *AuthClient) GetCredential() (*ServerCredential, error)

GetCredential returns the stored credential for this server

func (*AuthClient) GetToken

func (c *AuthClient) GetToken() (string, error)

GetToken returns the current access token, refreshing if needed

func (*AuthClient) HTTPClient

func (c *AuthClient) HTTPClient() *http.Client

HTTPClient returns the underlying HTTP client with auth handling

func (*AuthClient) IsLoggedIn

func (c *AuthClient) IsLoggedIn() bool

IsLoggedIn returns true if there is a valid (non-expired) credential

func (*AuthClient) Login

func (c *AuthClient) Login(username, password, scope string) (*ServerCredential, error)

Login authenticates with username/password and stores the credential

func (*AuthClient) Logout

func (c *AuthClient) Logout() error

Logout removes the credential for this server

func (*AuthClient) ServerURL

func (c *AuthClient) ServerURL() string

ServerURL returns the server URL this client is configured for

type AuthTransport

type AuthTransport struct {
	Base  http.RoundTripper
	Token string
}

AuthTransport wraps an http.RoundTripper to add Authorization headers

func NewAuthTransport

func NewAuthTransport(token string) *AuthTransport

NewAuthTransport creates an AuthTransport with the given token

func NewAuthTransportWithBase

func NewAuthTransportWithBase(base http.RoundTripper, token string) *AuthTransport

NewAuthTransportWithBase creates an AuthTransport with a custom base transport

func (*AuthTransport) RoundTrip

func (t *AuthTransport) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip implements http.RoundTripper

type ClientOption

type ClientOption func(*AuthClient)

ClientOption configures an AuthClient

func WithHTTPClient

func WithHTTPClient(client *http.Client) ClientOption

WithHTTPClient sets a custom base HTTP client (for timeouts, TLS config, etc.) The transport from this client will be wrapped with auth handling.

func WithTokenEndpoint

func WithTokenEndpoint(path string) ClientOption

WithTokenEndpoint sets a custom token endpoint path

func WithTransport

func WithTransport(transport http.RoundTripper) ClientOption

WithTransport sets a custom base transport (for connection pooling, proxies, etc.)

type CredentialStore

type CredentialStore interface {
	// GetCredential retrieves a credential for a server URL
	// Returns nil, nil if no credential exists for the server
	GetCredential(serverURL string) (*ServerCredential, error)

	// SetCredential stores a credential for a server URL
	SetCredential(serverURL string, cred *ServerCredential) error

	// RemoveCredential removes a credential for a server URL
	RemoveCredential(serverURL string) error

	// ListServers returns all server URLs with stored credentials
	ListServers() ([]string, error)

	// Save persists any pending changes (for stores that batch writes)
	Save() error
}

CredentialStore defines the interface for storing and retrieving credentials

type OAuth2TokenRequest

type OAuth2TokenRequest struct {
	GrantType    string `json:"grant_type"`
	Username     string `json:"username,omitempty"`
	Password     string `json:"password,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	Scope        string `json:"scope,omitempty"`
	ClientID     string `json:"client_id,omitempty"`
}

OAuth2TokenRequest is the request body for token endpoint

type OAuth2TokenResponse

type OAuth2TokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int64  `json:"expires_in"`
	RefreshToken string `json:"refresh_token,omitempty"`
	Scope        string `json:"scope,omitempty"`
	Error        string `json:"error,omitempty"`
	ErrorDesc    string `json:"error_description,omitempty"`
}

OAuth2TokenResponse is the response from token endpoint

type ServerCredential

type ServerCredential struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	TokenType    string    `json:"token_type,omitempty"`
	UserID       string    `json:"user_id,omitempty"`
	UserEmail    string    `json:"user_email,omitempty"`
	Scope        string    `json:"scope,omitempty"`
	ExpiresAt    time.Time `json:"expires_at"`
	CreatedAt    time.Time `json:"created_at"`
}

ServerCredential holds authentication info for a single server

func (*ServerCredential) HasRefreshToken

func (c *ServerCredential) HasRefreshToken() bool

HasRefreshToken returns true if a refresh token is available

func (*ServerCredential) IsExpired

func (c *ServerCredential) IsExpired() bool

IsExpired returns true if the access token has expired

func (*ServerCredential) IsExpiringSoon

func (c *ServerCredential) IsExpiringSoon(within time.Duration) bool

IsExpiringSoon returns true if the token expires within the given duration

Directories

Path Synopsis
stores
fs
Package fs provides a file system-based credential store for oneauth client.
Package fs provides a file system-based credential store for oneauth client.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL