auth_internal

package
v0.8.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 24, 2026 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Copyright © 2026 Ping Identity Corporation

Index

Constants

This section is empty.

Variables

// Package-level error values for authentication, grouped by the grant type or
// subsystem named in each message. Every value is built with errors.New, so
// the message text is fixed; several messages embed a 'pingcli ...' hint.
var (
	// Token errors
	//
	// ErrUnsupportedAuthType and ErrUnsupportedAuthMethod carry similar
	// messages; only the former includes the 'pingcli login' hint.
	ErrNoTokenFound                   = errors.New("no token found for any authentication method")
	ErrNoCachedToken                  = errors.New("no cached token available")
	ErrUnsupportedAuthType            = errors.New("unsupported authorization grant type. Please run 'pingcli login' to authenticate")
	ErrAuthMethodNotConfigured        = errors.New("grant type is not configured")
	ErrUnsupportedAuthMethod          = errors.New("unsupported grant type")
	ErrTokenKeyGenerationRequirements = errors.New("environment ID and client ID are required for token key generation")
	ErrGrantTypeNotSet                = errors.New("configuration does not have grant type set")
	ErrRegionCodeRequired             = errors.New("region code is required and must be valid. Please run 'pingcli config set service.pingone.regionCode=<region>'")
	ErrEnvironmentIDNotConfigured     = errors.New("environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.environmentID=<your-env-id>'")
	ErrTokenStorageDisabled           = errors.New("token storage is disabled")
	ErrInvalidAuthMethod              = errors.New("invalid authentication method flag provided")

	// Device code errors: a required device code profile option is missing.
	ErrDeviceCodeClientIDNotConfigured      = errors.New("device code client ID is not configured. Please run 'pingcli config set service.pingone.authentication.deviceCode.clientID=<your-client-id>'")
	ErrDeviceCodeEnvironmentIDNotConfigured = errors.New("device code environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.deviceCode.environmentID=<your-env-id>'")

	// Auth code errors: a required authorization code profile option is
	// missing. None of these options is a secret.
	ErrAuthorizationCodeClientIDNotConfigured        = errors.New("authorization code client ID is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.clientID=<your-client-id>'")
	ErrAuthorizationCodeEnvironmentIDNotConfigured   = errors.New("authorization code environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.environmentID=<your-env-id>'")
	ErrAuthorizationCodeRedirectURINotConfigured     = errors.New("authorization code redirect URI is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.redirectURI=<your-redirect-uri>'")
	ErrAuthorizationCodeRedirectURIPathNotConfigured = errors.New("authorization code redirect URI path is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.redirectURIPath=<path>'")
	ErrAuthorizationCodeRedirectURIPortNotConfigured = errors.New("authorization code redirect URI port is not configured. Please run 'pingcli config set service.pingone.authentication.authorizationCode.redirectURIPort=<port>'")

	// Client credentials errors
	//
	// NOTE(review): the clientSecret hint tells the user to type the secret as
	// a command-line argument, where it can end up in shell history and in
	// process listings. Consider pointing the message at the interactive
	// prompt (PromptForClientCredentialsConfig) instead; confirm that the
	// prompt does not echo the secret.
	ErrClientCredentialsClientIDNotConfigured      = errors.New("client credentials client ID is not configured. Please run 'pingcli config set service.pingone.authentication.clientCredentials.clientID=<your-client-id>'")
	ErrClientCredentialsClientSecretNotConfigured  = errors.New("client credentials client secret is not configured. Please run 'pingcli config set service.pingone.authentication.clientCredentials.clientSecret=<your-client-secret>'")
	ErrClientCredentialsEnvironmentIDNotConfigured = errors.New("client credentials environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.clientCredentials.environmentID=<your-env-id>'")

	// Worker errors
	//
	// NOTE(review): as with client credentials, the clientSecret hint has the
	// secret passed on the command line. Confirm whether the worker grant has
	// an interactive or environment-based way to supply it and prefer that in
	// the message.
	ErrWorkerClientIDNotConfigured      = errors.New("worker client ID is not configured. Please run 'pingcli config set service.pingone.authentication.worker.clientID=<your-client-id>'")
	ErrWorkerClientSecretNotConfigured  = errors.New("worker client secret is not configured. Please run 'pingcli config set service.pingone.authentication.worker.clientSecret=<your-client-secret>'")
	ErrWorkerEnvironmentIDNotConfigured = errors.New("worker environment ID is not configured. Please run 'pingcli config set service.pingone.authentication.worker.environmentID=<your-env-id>'")

	// PingFederate errors: a nil context at service initialization, and a CA
	// certificate PEM file that could not be parsed into a certificate pool.
	ErrPingFederateContextNil  = errors.New("failed to initialize PingFederate services. context is nil")
	ErrPingFederateCACertParse = errors.New("failed to parse CA certificate PEM file to certificate pool")

	// PingOne errors
	ErrPingOneUnrecognizedAuthType = errors.New("unrecognized or unsupported PingOne authorization grant type")
	ErrPingOneClientConfigNil      = errors.New("PingOne client configuration is nil")

	// Configuration and validation errors
	//
	// NOTE(review): ErrNoAuthTypeSpecified lists --auth-code, --device-code and
	// --client-credentials but no flag for the worker grant — confirm that
	// omission is intended.
	ErrClientIDRequired      = errors.New("client ID is required")
	ErrClientSecretRequired  = errors.New("client secret is required")
	ErrEnvironmentIDRequired = errors.New("environment ID is required")
	ErrInvalidAuthType       = errors.New("invalid authorization grant type")
	ErrInvalidAuthProvider   = errors.New("invalid authentication provider")
	ErrNoAuthTypeSpecified   = errors.New("no authorization grant type configured and no flag specified. Use --auth-code, --device-code, or --client-credentials to specify which credentials to clear")
	ErrNoAuthConfiguration   = errors.New("no configuration found. Nothing to logout from. Run 'pingcli login' to configure authentication")

	// Redirect URI validation errors. The messages state the rules: the path
	// must begin with '/', and the port must be numeric and within 1-65535.
	ErrRedirectURIPathInvalid = errors.New("redirect URI path must start with '/'")
	ErrPortInvalid            = errors.New("port must be a number")
	ErrPortOutOfRange         = errors.New("port must be between 1 and 65535")
)
// Errors for saving a token and for reading the credentials file. Both are
// built with fmt.Errorf and no format verbs, so each has a fixed message.
//
// NOTE(review): errors.New would express the same thing without a format
// pass — confirm the errors package is imported in this file before changing.
var (
	// ErrNilToken is returned when attempting to save a nil token.
	ErrNilToken = fmt.Errorf("token cannot be nil")
	// ErrCredentialsFileNotExist is returned when the credentials file does
	// not exist.
	ErrCredentialsFileNotExist = fmt.Errorf("credentials file does not exist")
)

Functions

func AuthLoginRunE

func AuthLoginRunE(cmd *cobra.Command, args []string) error

AuthLoginRunE implements the login command logic, handling authentication based on the selected method (auth code, device code, or client credentials) with support for interactive configuration

func AuthLogoutRunE

func AuthLogoutRunE(cmd *cobra.Command, args []string) error

AuthLogoutRunE implements the logout command logic, clearing credentials from both keychain and file storage. If no grant type flag is provided, clears all tokens. If a specific grant type flag is provided, clears only that method's token.

func ClearAllTokens added in v0.8.1

func ClearAllTokens() error

ClearAllTokens removes all cached tokens from keychain and file storage for all authentication methods. This clears tokens from ALL grant types, not just the currently configured one, to handle cases where users switch between authentication methods

func ClearToken

func ClearToken(authMethod string) error

ClearToken removes the cached token for a specific authentication method. It clears the token from both keychain and file storage.

func GetAuthMethodKey

func GetAuthMethodKey(authMethod string) (string, error)

GetAuthMethodKey generates a unique keychain account name for the given authentication method using the environment ID and client ID from the profile configuration

func GetAuthMethodKeyFromConfig

func GetAuthMethodKeyFromConfig(cfg *config.Configuration) (string, error)

GetAuthMethodKeyFromConfig generates a unique keychain account name from a configuration object. This uses the SDK's GenerateKeychainAccountName to ensure consistency with SDK token storage.

func GetAuthorizationCodeConfiguration

func GetAuthorizationCodeConfiguration() (*config.Configuration, error)

GetAuthorizationCodeConfiguration builds an authorization code authentication configuration from the CLI profile options

func GetClientCredentialsConfiguration

func GetClientCredentialsConfiguration() (*config.Configuration, error)

GetClientCredentialsConfiguration builds a client credentials authentication configuration from the CLI profile options

func GetDeviceCodeConfiguration

func GetDeviceCodeConfiguration() (*config.Configuration, error)

GetDeviceCodeConfiguration builds a device code authentication configuration from the CLI profile options

func GetValidTokenSource

func GetValidTokenSource(ctx context.Context) (oauth2.TokenSource, error)

GetValidTokenSource returns a valid OAuth2 token source for the configured authentication method

func GetWorkerConfiguration

func GetWorkerConfiguration() (*config.Configuration, error)

GetWorkerConfiguration builds a worker authentication configuration from the CLI profile options

func LoadTokenForMethod

func LoadTokenForMethod(authMethod string) (*oauth2.Token, error)

LoadTokenForMethod loads an OAuth2 token from the keychain using the specified authentication method key. It falls back to file storage if keychain operations fail or if --use-keychain=false.

func PromptForAuthType

func PromptForAuthType(rc io.ReadCloser, showStatus bool) (string, error)

PromptForAuthType prompts the user to select an authorization grant type. If showStatus is true, it shows a (configured) or (not configured) status next to each option.

func PromptForRegionCode

func PromptForRegionCode(rc io.ReadCloser) (string, error)

PromptForRegionCode prompts the user to select a PingOne region code

func RunInteractiveAuthConfig

func RunInteractiveAuthConfig(rc io.ReadCloser) error

RunInteractiveAuthConfig runs the full interactive authentication configuration flow

func RunInteractiveAuthConfigForType

func RunInteractiveAuthConfigForType(rc io.ReadCloser, desiredAuthType string) error

RunInteractiveAuthConfigForType runs interactive prompts for a specific auth type if it's not configured. If it is configured and valid, it will simply set the auth type on the profile.

func SaveAuthConfigToProfile

func SaveAuthConfigToProfile(authType, clientID, clientSecret, environmentID, regionCode, redirectURIPath, redirectURIport string) error

SaveAuthConfigToProfile saves the authentication configuration to the active profile

func SaveAuthTypeOnly

func SaveAuthTypeOnly(authType string) error

SaveAuthTypeOnly saves just the authorization grant type without modifying existing credentials

func SaveTokenForMethod

func SaveTokenForMethod(token *oauth2.Token, authMethod string) (customtypes.StorageLocationType, error)

SaveTokenForMethod saves an OAuth2 token to storage (keychain or file) using the specified authentication method key. Note: the SDK handles keychain storage separately, with its own token key format. Returns a StorageLocationType indicating where the token was saved.

Types

type AuthorizationCodeConfig

// AuthorizationCodeConfig holds the configuration for authorization code
// authentication. All fields are plain strings, and there is no client secret
// field:
//
//   - ClientID, EnvironmentID, RegionCode: the client, environment and region
//     values for this grant type.
//   - RedirectURIPath, RedirectURIPort: path and port of the redirect URI.
//
// NOTE(review): the package's redirect URI errors say the path must start with
// '/' and the port must be a number between 1 and 65535. Presumably those
// checks apply to these two fields; the struct itself enforces nothing, so
// confirm where validation happens before the values are used.
type AuthorizationCodeConfig struct {
	ClientID        string
	EnvironmentID   string
	RegionCode      string
	RedirectURIPath string
	RedirectURIPort string
}

AuthorizationCodeConfig holds the configuration for authorization code authentication

func PromptForAuthorizationCodeConfig

func PromptForAuthorizationCodeConfig(rc io.ReadCloser) (*AuthorizationCodeConfig, error)

PromptForAuthorizationCodeConfig prompts for auth code configuration

type ClientCredentialsConfig

// ClientCredentialsConfig holds the configuration for client credentials
// authentication. All fields are plain strings.
//
// ClientSecret is stored as an ordinary string, so formatting or logging a
// value of this type (for example with %+v) would print the secret in clear
// text. Keep values of this type out of logs and error messages.
type ClientCredentialsConfig struct {
	ClientID      string
	ClientSecret  string
	EnvironmentID string
	RegionCode    string
}

ClientCredentialsConfig holds the configuration for client credentials authentication

func PromptForClientCredentialsConfig

func PromptForClientCredentialsConfig(rc io.ReadCloser) (*ClientCredentialsConfig, error)

PromptForClientCredentialsConfig prompts for client credentials configuration

type DeviceCodeConfig

// DeviceCodeConfig holds the configuration for device code authentication.
// It carries the client ID, environment ID and region code as plain strings
// and has no client secret field.
type DeviceCodeConfig struct {
	ClientID      string
	EnvironmentID string
	RegionCode    string
}

DeviceCodeConfig holds the configuration for device code authentication

func PromptForDeviceCodeConfig

func PromptForDeviceCodeConfig(rc io.ReadCloser) (*DeviceCodeConfig, error)

PromptForDeviceCodeConfig prompts for device code configuration

type LoginResult

// LoginResult contains the result of a login operation.
//
//   - Token is the OAuth2 token. It is a credential: keep it out of logs and
//     error messages.
//   - NewAuth presumably reports whether a fresh authentication was performed
//     rather than an existing token being reused — TODO confirm.
//   - Location presumably records where the token was stored (keychain or
//     file) — TODO confirm. Callers that care about at-rest protection should
//     check it rather than assume the keychain was used.
type LoginResult struct {
	Token    *oauth2.Token
	NewAuth  bool
	Location customtypes.StorageLocationType
}

LoginResult contains the result of a login operation

func PerformAuthorizationCodeLogin

func PerformAuthorizationCodeLogin(ctx context.Context) (*LoginResult, error)

func PerformClientCredentialsLogin

func PerformClientCredentialsLogin(ctx context.Context) (*LoginResult, error)

func PerformDeviceCodeLogin

func PerformDeviceCodeLogin(ctx context.Context) (*LoginResult, error)

PerformDeviceCodeLogin performs device code authentication, returning the result
