Documentation
¶
Overview ¶
Package xai provides OAuth2 authentication helpers for xAI Grok.
Index ¶
- Constants
- func CredentialFileName(email, subject string) string
- func RefreshLead() time.Duration
- func ValidateOAuthEndpoint(rawURL string, field string) (string, error)
- type AuthBundle
- type DeviceCodeResponse
- type Discovery
- type TokenData
- type TokenStorage
- type XAIAuth
- func (a *XAIAuth) CreateTokenStorage(bundle *AuthBundle) *TokenStorage
- func (a *XAIAuth) Discover(ctx context.Context) (*Discovery, error)
- func (a *XAIAuth) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*TokenData, error)
- func (a *XAIAuth) RefreshTokens(ctx context.Context, refreshToken, tokenEndpoint string) (*TokenData, error)
- func (a *XAIAuth) RequestDeviceCode(ctx context.Context, deviceAuthorizationEndpoint, tokenEndpoint string) (*DeviceCodeResponse, error)
- func (a *XAIAuth) StartDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error)
- func (a *XAIAuth) WaitForAuthorization(ctx context.Context, deviceCode *DeviceCodeResponse) (*AuthBundle, error)
Constants ¶
const ( // DefaultAPIBaseURL is the default official xAI API base URL. // Used for OAuth credential defaults, websocket, media (image/video), // and non-media HTTP chat when auth using_api is true or non-OAuth. DefaultAPIBaseURL = "https://api.x.ai/v1" // CLIChatProxyBaseURL is the Grok CLI chat-proxy base URL for non-image/video // HTTP chat when auth using_api is false, including the OAuth default. CLIChatProxyBaseURL = "https://cli-chat-proxy.grok.com/v1" // Issuer is xAI's OAuth issuer. Issuer = "https://auth.x.ai" // DiscoveryURL is the OIDC discovery endpoint used to resolve OAuth endpoints. DiscoveryURL = Issuer + "/.well-known/openid-configuration" // ClientID is the public xAI Grok CLI OAuth client ID. ClientID = "b1a00492-073a-47ea-816f-4c329264a828" // Scope is the OAuth scope set required for xAI API access. Scope = "openid profile email offline_access grok-cli:access api:access" // DeviceCodeGrantType is the OAuth2 device authorization grant type (RFC 8628). DeviceCodeGrantType = "urn:ietf:params:oauth:grant-type:device_code" // MaxPollDuration is the upper bound for waiting on user authorization. MaxPollDuration = 30 * time.Minute )
Variables ¶
This section is empty.
Functions ¶
func CredentialFileName ¶
CredentialFileName returns the filename used for xAI credentials.
func RefreshLead ¶
RefreshLead returns the refresh lead time for xAI OAuth credentials.
Types ¶
type AuthBundle ¶
type AuthBundle struct {
TokenData TokenData
LastRefresh string
BaseURL string
RedirectURI string
TokenEndpoint string
}
AuthBundle aggregates token data and OAuth metadata for persistence.
type DeviceCodeResponse ¶ added in v7.2.64
type DeviceCodeResponse struct {
DeviceCode string `json:"device_code"`
UserCode string `json:"user_code"`
VerificationURI string `json:"verification_uri"`
VerificationURIComplete string `json:"verification_uri_complete"`
ExpiresIn int `json:"expires_in"`
Interval int `json:"interval"`
TokenEndpoint string `json:"-"`
}
DeviceCodeResponse represents xAI's device authorization response.
type Discovery ¶
type Discovery struct {
DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint"`
TokenEndpoint string `json:"token_endpoint"`
}
Discovery contains OAuth endpoints resolved from xAI OIDC discovery.
type TokenData ¶
type TokenData struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
IDToken string `json:"id_token,omitempty"`
TokenType string `json:"token_type,omitempty"`
ExpiresIn int `json:"expires_in,omitempty"`
Expire string `json:"expired,omitempty"`
Email string `json:"email,omitempty"`
Subject string `json:"sub,omitempty"`
}
TokenData holds xAI OAuth token data.
type TokenStorage ¶
type TokenStorage struct {
Type string `json:"type"`
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
IDToken string `json:"id_token,omitempty"`
TokenType string `json:"token_type,omitempty"`
ExpiresIn int `json:"expires_in,omitempty"`
Expire string `json:"expired,omitempty"`
LastRefresh string `json:"last_refresh,omitempty"`
Email string `json:"email,omitempty"`
Subject string `json:"sub,omitempty"`
BaseURL string `json:"base_url,omitempty"`
RedirectURI string `json:"redirect_uri,omitempty"`
TokenEndpoint string `json:"token_endpoint,omitempty"`
AuthKind string `json:"auth_kind,omitempty"`
Metadata map[string]any `json:"-"`
}
TokenStorage stores xAI OAuth credentials on disk.
func (*TokenStorage) SaveTokenToFile ¶
func (ts *TokenStorage) SaveTokenToFile(authFilePath string) error
SaveTokenToFile writes xAI credentials to a JSON auth file.
func (*TokenStorage) SetMetadata ¶
func (ts *TokenStorage) SetMetadata(meta map[string]any)
SetMetadata allows the token store to merge status fields before saving.
type XAIAuth ¶
type XAIAuth struct {
// contains filtered or unexported fields
}
XAIAuth performs xAI OAuth discovery, device-code login, and refresh.
func NewXAIAuth ¶
NewXAIAuth creates an xAI OAuth helper using config proxy settings.
func NewXAIAuthWithProxyURL ¶
NewXAIAuthWithProxyURL creates an xAI OAuth helper with an explicit proxy URL.
func (*XAIAuth) CreateTokenStorage ¶
func (a *XAIAuth) CreateTokenStorage(bundle *AuthBundle) *TokenStorage
CreateTokenStorage converts an auth bundle into persistable storage.
func (*XAIAuth) PollForToken ¶ added in v7.2.64
func (a *XAIAuth) PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse) (*TokenData, error)
PollForToken polls the token endpoint until the user authorizes or the device code expires.
func (*XAIAuth) RefreshTokens ¶
func (a *XAIAuth) RefreshTokens(ctx context.Context, refreshToken, tokenEndpoint string) (*TokenData, error)
RefreshTokens refreshes an xAI access token.
func (*XAIAuth) RequestDeviceCode ¶ added in v7.2.64
func (a *XAIAuth) RequestDeviceCode(ctx context.Context, deviceAuthorizationEndpoint, tokenEndpoint string) (*DeviceCodeResponse, error)
RequestDeviceCode requests a device authorization code from the given endpoint.
func (*XAIAuth) StartDeviceFlow ¶ added in v7.2.64
func (a *XAIAuth) StartDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error)
StartDeviceFlow requests a device code from xAI.
func (*XAIAuth) WaitForAuthorization ¶ added in v7.2.64
func (a *XAIAuth) WaitForAuthorization(ctx context.Context, deviceCode *DeviceCodeResponse) (*AuthBundle, error)
WaitForAuthorization polls until the user authorizes the device code and returns tokens.