Documentation ¶
Overview ¶
Package oauth2 provides OAuth2 authentication utilities for the PingOne Go Client SDK. It includes grant type definitions, token authentication methods, and endpoint configuration for OAuth2 flows supported by PingOne services.
Index ¶
- Variables
- func GenerateKeychainAccountName(environmentID, clientID, grantType string) string
- func GenerateKeychainAccountNameWithSuffix(environmentID, clientID, grantType, suffix string) string
- func IsValidGrantType(gt string) bool
- type GrantType
- type KeychainStorage
- type TokenAuthType
- type TokenStorage
Constants ¶
This section is empty.
Variables ¶
var AllowedTokenAuthMethods = map[GrantType][]TokenAuthType{
	GrantTypeAuthorizationCode: {
		TokenAuthTypeNone,
	},
	GrantTypeClientCredentials: {
		TokenAuthTypeClientSecretBasic,
		TokenAuthTypeClientSecretPost,
	},
	GrantTypeDeviceCode: {
		TokenAuthTypeNone,
	},
}
AllowedTokenAuthMethods maps each grant type to its supported token authentication methods. This mapping ensures that only compatible authentication methods are used with each grant type. The map helps validate authentication configurations and provides available options for each flow.
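The following added example (not code from the SDK) shows how such a map can gate a client configuration before any token request is built. The types, constants and map are reproduced from this page so the block runs without importing the package; `CheckTokenAuth`, `ErrUnknownGrant` and `ErrAuthMismatch` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Types, constants and map are copied from the page; Err* and CheckTokenAuth are hypothetical.
type GrantType string
type TokenAuthType string

const (
	GrantTypeAuthorizationCode     GrantType     = "authorization_code"
	GrantTypeClientCredentials     GrantType     = "client_credentials"
	GrantTypeDeviceCode            GrantType     = "device_code"
	TokenAuthTypeNone              TokenAuthType = "NONE"
	TokenAuthTypeClientSecretBasic TokenAuthType = "CLIENT_SECRET_BASIC"
	TokenAuthTypeClientSecretPost  TokenAuthType = "CLIENT_SECRET_POST"
)

var AllowedTokenAuthMethods = map[GrantType][]TokenAuthType{
	GrantTypeAuthorizationCode: {TokenAuthTypeNone},
	GrantTypeClientCredentials: {TokenAuthTypeClientSecretBasic, TokenAuthTypeClientSecretPost},
	GrantTypeDeviceCode:        {TokenAuthTypeNone},
}

var ErrUnknownGrant = errors.New("unknown grant type")
var ErrAuthMismatch = errors.New("token auth method not allowed for grant type")

// CheckTokenAuth is a hypothetical helper (not an SDK function) that fails closed.
func CheckTokenAuth(gt GrantType, method TokenAuthType) error {
	allowed, ok := AllowedTokenAuthMethods[gt]
	if !ok {
		return fmt.Errorf("%w: %q", ErrUnknownGrant, gt)
	}
	for _, m := range allowed {
		if m == method {
			return nil
		}
	}
	return fmt.Errorf("%w: %q with %q (allowed: %v)", ErrAuthMismatch, method, gt, allowed)
}

func main() {
	// Constructed sample configurations: one valid, one mismatched, one unknown grant.
	fmt.Println(CheckTokenAuth(GrantTypeClientCredentials, TokenAuthTypeClientSecretBasic))
	fmt.Println(CheckTokenAuth(GrantTypeClientCredentials, TokenAuthTypeNone))
	fmt.Println(CheckTokenAuth("password", TokenAuthTypeClientSecretPost))
}
```

Checking against the map rather than a hand-written switch means a grant type absent from the map is rejected by default, and a confidential `client_credentials` client cannot be configured with `NONE`.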
Functions ¶
func GenerateKeychainAccountName ¶ added in v0.4.0
GenerateKeychainAccountName creates a unique account name based on environment ID, client ID, and grant type.
func GenerateKeychainAccountNameWithSuffix ¶ added in v0.5.1
func GenerateKeychainAccountNameWithSuffix(environmentID, clientID, grantType, suffix string) string
GenerateKeychainAccountNameWithSuffix creates a unique account name based on environment ID, client ID, grant type, and suffix.
func IsValidGrantType ¶ added in v0.4.0
Types ¶
type GrantType ¶
type GrantType string
GrantType represents the OAuth2 grant type used for token acquisition. Grant types define the method by which applications obtain access tokens from the authorization server.
const (
	// GrantTypeAuthorizationCode represents the authorization code grant type (commented out - not yet implemented)
	GrantTypeAuthorizationCode GrantType = "authorization_code"
	// GrantTypeClientCredentials represents the client credentials grant type.
	// This grant type is used for server-to-server authentication where the client
	// authenticates directly with the authorization server using its client credentials.
	GrantTypeClientCredentials GrantType = "client_credentials"
	GrantTypeDeviceCode GrantType = "device_code"
)
type KeychainStorage ¶ added in v0.4.0
type KeychainStorage struct {
// contains filtered or unexported fields
}
KeychainStorage implements TokenStorage using the system keychain
func NewKeychainStorage ¶ added in v0.4.0
func NewKeychainStorage(serviceName, username string) (*KeychainStorage, error)
NewKeychainStorage creates a new KeychainStorage instance. Both serviceName and username must be non-empty strings.
func (*KeychainStorage) ClearAllTokens ¶ added in v0.7.0
func (k *KeychainStorage) ClearAllTokens() error
ClearAllTokens removes all tokens for the service from the system keychain
func (*KeychainStorage) ClearToken ¶ added in v0.4.0
func (k *KeychainStorage) ClearToken() error
ClearToken removes the OAuth2 token from the system keychain
func (*KeychainStorage) HasToken ¶ added in v0.4.0
func (k *KeychainStorage) HasToken() (bool, error)
HasToken checks if a token exists in the system keychain
type TokenAuthType ¶
type TokenAuthType string
TokenAuthType represents the method used to authenticate the client when requesting tokens. These types define how client credentials are transmitted to the authorization server during token requests in OAuth2 flows.
const (
	// TokenAuthTypeNone indicates no client authentication is required.
	// This is typically used for public clients that cannot securely store credentials.
	TokenAuthTypeNone TokenAuthType = "NONE"
	// TokenAuthTypeClientSecretBasic indicates client authentication using HTTP Basic authentication.
	// The client ID and secret are Base64-encoded and sent in the Authorization header.
	TokenAuthTypeClientSecretBasic TokenAuthType = "CLIENT_SECRET_BASIC"
	// TokenAuthTypeClientSecretPost indicates client authentication using POST parameters.
	// The client ID and secret are sent as form parameters in the request body.
	TokenAuthTypeClientSecretPost TokenAuthType = "CLIENT_SECRET_POST"
)
type TokenStorage ¶ added in v0.4.0
type TokenStorage interface {
// SaveToken stores an OAuth2 token securely
SaveToken(token *oauth2.Token) error
// LoadToken retrieves a stored OAuth2 token
LoadToken() (*oauth2.Token, error)
// ClearToken removes a stored OAuth2 token
ClearToken() error
// HasToken checks if a token exists without loading it
HasToken() (bool, error)
}
TokenStorage defines the interface for storing and retrieving OAuth2 tokens