oauth2

package
v0.6.1 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 6, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package oauth2 provides OAuth2 authentication utilities for the PingOne Go Client SDK. It includes grant type definitions, token authentication methods, and endpoint configuration for OAuth2 flows supported by PingOne services.


Constants

This section is empty.

Variables

AllowedTokenAuthMethods maps each grant type to its supported token authentication methods. This mapping ensures that only compatible authentication methods are used with each grant type. The map helps validate authentication configurations and provides available options for each flow.

Functions

func GenerateKeychainAccountName added in v0.4.0

func GenerateKeychainAccountName(environmentID, clientID, grantType string) string

GenerateKeychainAccountName creates a unique account name based on environment ID, client ID, and grant type.

func GenerateKeychainAccountNameWithSuffix added in v0.5.1

func GenerateKeychainAccountNameWithSuffix(environmentID, clientID, grantType, suffix string) string

GenerateKeychainAccountNameWithSuffix creates a unique account name based on environment ID, client ID, grant type, and suffix.

func IsValidGrantType added in v0.4.0

func IsValidGrantType(gt string) bool

Types

type GrantType

type GrantType string

GrantType represents the OAuth2 grant type used for token acquisition. Grant types define the method by which applications obtain access tokens from the authorization server.

const (
	// GrantTypeAuthorizationCode represents the authorization code grant type (commented out - not yet implemented)
	GrantTypeAuthorizationCode GrantType = "authorization_code"

	// GrantTypeClientCredentials represents the client credentials grant type.
	// This grant type is used for server-to-server authentication where the client
	// authenticates directly with the authorization server using its client credentials.
	GrantTypeClientCredentials GrantType = "client_credentials"
	GrantTypeDeviceCode        GrantType = "device_code"
)

type KeychainStorage added in v0.4.0

type KeychainStorage struct {
	// contains filtered or unexported fields
}

KeychainStorage implements TokenStorage using the system keychain

func NewKeychainStorage added in v0.4.0

func NewKeychainStorage(serviceName, username string) (*KeychainStorage, error)

NewKeychainStorage creates a new KeychainStorage instance. Both serviceName and username must be non-empty strings.

func (*KeychainStorage) ClearToken added in v0.4.0

func (k *KeychainStorage) ClearToken() error

ClearToken removes the OAuth2 token from the system keychain

func (*KeychainStorage) HasToken added in v0.4.0

func (k *KeychainStorage) HasToken() (bool, error)

HasToken checks if a token exists in the system keychain

func (*KeychainStorage) LoadToken added in v0.4.0

func (k *KeychainStorage) LoadToken() (*oauth2.Token, error)

LoadToken retrieves the OAuth2 token from the system keychain

func (*KeychainStorage) SaveToken added in v0.4.0

func (k *KeychainStorage) SaveToken(token *oauth2.Token) error

SaveToken stores the OAuth2 token in the system keychain

type TokenAuthType

type TokenAuthType string

TokenAuthType represents the method used to authenticate the client when requesting tokens. These types define how client credentials are transmitted to the authorization server during token requests in OAuth2 flows.

const (
	// TokenAuthTypeNone indicates no client authentication is required.
	// This is typically used for public clients that cannot securely store credentials.
	TokenAuthTypeNone TokenAuthType = "NONE"

	// TokenAuthTypeClientSecretBasic indicates client authentication using HTTP Basic authentication.
	// The client ID and secret are Base64-encoded and sent in the Authorization header.
	TokenAuthTypeClientSecretBasic TokenAuthType = "CLIENT_SECRET_BASIC"

	// TokenAuthTypeClientSecretPost indicates client authentication using POST parameters.
	// The client ID and secret are sent as form parameters in the request body.
	TokenAuthTypeClientSecretPost TokenAuthType = "CLIENT_SECRET_POST"
)
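The sketch below is an added example, not code from the SDK: it shows how a grant type / auth method compatibility check of the kind AllowedTokenAuthMethods describes can gate token requests, and where the client secret ends up for CLIENT_SECRET_BASIC versus CLIENT_SECRET_POST. The map contents, the `NewTokenRequest` function and the token URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Local mirrors of the page's types, so this compiles without the SDK.
type GrantType string
type TokenAuthType string

// Constructed stand-in for AllowedTokenAuthMethods; the SDK's entries are not on the page.
var allowed = map[GrantType][]TokenAuthType{
	"client_credentials": {"CLIENT_SECRET_BASIC", "CLIENT_SECRET_POST"},
}

// NewTokenRequest (hypothetical) fails closed on any grant type / auth method pair
// missing from the map, then puts the secret where the chosen method dictates.
func NewTokenRequest(tokenURL string, gt GrantType, at TokenAuthType, id, secret string) (*http.Request, error) {
	ok := false
	for _, m := range allowed[gt] {
		ok = ok || m == at
	}
	if !ok {
		return nil, fmt.Errorf("auth method %q not allowed for grant type %q", at, gt)
	}
	form := url.Values{"grant_type": {string(gt)}}
	if at == "CLIENT_SECRET_POST" {
		form.Set("client_id", id)
		form.Set("client_secret", secret)
	}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if at == "CLIENT_SECRET_BASIC" {
		// RFC 6749 section 2.3.1: form-encode each value before Basic encoding.
		req.SetBasicAuth(url.QueryEscape(id), url.QueryEscape(secret))
	}
	return req, nil
}

func main() {
	_, err := NewTokenRequest("https://auth.example.invalid/token", "client_credentials", "NONE", "id", "s")
	fmt.Println(err) // rejected before any request is built
}
```

With CLIENT_SECRET_POST the secret travels in the request body, so request-body logging on proxies or gateways in the path needs to redact `client_secret`.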

type TokenStorage added in v0.4.0

type TokenStorage interface {
	// SaveToken stores an OAuth2 token securely
	SaveToken(token *oauth2.Token) error

	// LoadToken retrieves a stored OAuth2 token
	LoadToken() (*oauth2.Token, error)

	// ClearToken removes a stored OAuth2 token
	ClearToken() error

	// HasToken checks if a token exists without loading it
	HasToken() (bool, error)
}

TokenStorage defines the interface for storing and retrieving OAuth2 tokens

Directories

Path Synopsis
Package endpoints provides OAuth2 endpoint construction utilities for PingOne services.
