auth

package
v0.59.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 3, 2026 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DeleteClientInfo

func DeleteClientInfo(cacheDir, serverHash string) error

DeleteClientInfo removes stored client info.

func DeleteFile

func DeleteFile(cacheDir, serverHash, filename string) error

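DeleteFile removes a file from the cache directory. This page does not say whether serverHash and filename are confined to cacheDir (ReadJSON and WriteJSON take the same parameters), so callers should pass only fixed, trusted names rather than values taken from a server response or user input.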

func DeleteTokens

func DeleteTokens(cacheDir, serverHash string) error

DeleteTokens removes stored tokens.

func FindAvailablePort

func FindAvailablePort(preferred int) (int, error)

FindAvailablePort finds an available port starting from the preferred port.

func ReadJSON

func ReadJSON(cacheDir, serverHash, filename string, v any) error

ReadJSON reads and unmarshals a JSON file from the cache directory.

func SaveClientInfo

func SaveClientInfo(cacheDir, serverHash string, info *ClientInfo) error

SaveClientInfo persists client info to the cache directory.

func SaveTokens

func SaveTokens(cacheDir, serverHash string, tokens *Tokens) error

SaveTokens persists tokens to the cache directory.

func WriteJSON

func WriteJSON(cacheDir, serverHash, filename string, v any) error

WriteJSON marshals and writes a JSON file to the cache directory.

Types

type CallbackServer

// CallbackServer handles OAuth callback redirects.
//
// NOTE(review): the listed API (NewCallbackServer takes only a port, and
// WaitForCode returns only the code string) does not show which interface the
// listener binds to or whether the callback's state parameter is checked;
// confirm loopback-only binding and state validation in the implementation.
type CallbackServer struct {
	// contains filtered or unexported fields
}

CallbackServer handles OAuth callback redirects.

func NewCallbackServer

func NewCallbackServer(port int) (*CallbackServer, error)

NewCallbackServer creates a new callback server.

func (*CallbackServer) Close

func (cs *CallbackServer) Close() error

Close stops the callback server.

func (*CallbackServer) Port

func (cs *CallbackServer) Port() int

Port returns the port the server is listening on.

func (*CallbackServer) Start

func (cs *CallbackServer) Start()

Start starts the callback server.

func (*CallbackServer) WaitForCode

func (cs *CallbackServer) WaitForCode(ctx context.Context, timeout time.Duration) (string, error)

WaitForCode waits for the authorisation code.

type ClientInfo

// ClientInfo holds OAuth client registration information.
//
// The JSON names match the client information response of OAuth dynamic
// client registration (RFC 7591). ClientSecret is a credential.
// NOTE(review): SaveClientInfo persists this struct to the cache directory;
// the file mode is not visible here — confirm the file is readable only by
// the owning user.
type ClientInfo struct {
	ClientID                string   `json:"client_id"`
	// ClientSecret is dropped from the JSON when empty (public clients have
	// none). Treat it like a password: keep it out of logs and error text.
	ClientSecret            string   `json:"client_secret,omitempty"`
	ClientIDIssuedAt        int64    `json:"client_id_issued_at,omitempty"`
	// In RFC 7591 a client_secret_expires_at of 0 means the secret does not
	// expire; with omitempty a zero value is dropped when marshalling.
	// NOTE(review): whether expiry is checked before a cached secret is
	// reused is not shown here — confirm.
	ClientSecretExpiresAt   int64    `json:"client_secret_expires_at,omitempty"`
	// RedirectURIs has no omitempty, so the key is always emitted.
	RedirectURIs            []string `json:"redirect_uris"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method,omitempty"`
	GrantTypes              []string `json:"grant_types,omitempty"`
	ResponseTypes           []string `json:"response_types,omitempty"`
	ClientName              string   `json:"client_name,omitempty"`
	ClientURI               string   `json:"client_uri,omitempty"`
	Scope                   string   `json:"scope,omitempty"`
}

ClientInfo holds OAuth client registration information.

func LoadClientInfo

func LoadClientInfo(cacheDir, serverHash string) (*ClientInfo, error)

LoadClientInfo loads client info from the cache directory.

type ClientMetadata

// ClientMetadata holds OAuth client metadata for registration.
//
// The JSON names match the client metadata fields of OAuth dynamic client
// registration (RFC 7591). Unlike ClientInfo, it has no client_id or
// client_secret fields.
type ClientMetadata struct {
	// RedirectURIs has no omitempty, so the key is always emitted.
	// NOTE(review): presumably these point at the local CallbackServer;
	// confirm only loopback redirect URIs are registered for that flow.
	RedirectURIs            []string `json:"redirect_uris"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method,omitempty"`
	GrantTypes              []string `json:"grant_types,omitempty"`
	ResponseTypes           []string `json:"response_types,omitempty"`
	ClientName              string   `json:"client_name,omitempty"`
	ClientURI               string   `json:"client_uri,omitempty"`
	// Scope is a single string; in OAuth this is a space-separated list.
	Scope                   string   `json:"scope,omitempty"`
	SoftwareID              string   `json:"software_id,omitempty"`
	SoftwareVersion         string   `json:"software_version,omitempty"`
}

ClientMetadata holds OAuth client metadata for registration.

type PKCE

// PKCE holds the code verifier and challenge for the OAuth PKCE flow.
type PKCE struct {
	// Verifier is the secret half of the pair. In PKCE (RFC 7636) it is sent
	// only in the token request, never in the authorisation URL.
	Verifier  string
	// Challenge is the value derived from Verifier that goes into the
	// authorisation request.
	Challenge string
	// Method names the challenge transformation.
	// NOTE(review): presumably "S256", the method SupportsPKCE checks for;
	// confirm NewPKCE never produces "plain".
	Method    string
}

PKCE holds the code verifier and challenge for the OAuth PKCE flow.

func NewPKCE

func NewPKCE() (*PKCE, error)

NewPKCE generates a new PKCE code verifier and challenge.

type Provider

// Provider implements OAuth authentication for MCP.
//
// NOTE(review): GetAuthorizationURL returns only a URL and ExchangeCode takes
// only the code, so the PKCE verifier and any state value are presumably kept
// in the unexported fields between the two calls. Confirm that they are
// generated fresh for each authorisation attempt and that concurrent use of
// one Provider is either safe or documented as unsupported.
type Provider struct {
	// contains filtered or unexported fields
}

Provider implements OAuth authentication for MCP.

func NewProvider

func NewProvider(cfg *ProviderConfig) *Provider

NewProvider creates a new OAuth provider.

func (*Provider) ExchangeCode

func (p *Provider) ExchangeCode(ctx context.Context, code string) error

ExchangeCode exchanges an authorisation code for tokens.

func (*Provider) GetAccessToken

func (p *Provider) GetAccessToken(ctx context.Context) (string, error)

GetAccessToken returns the current access token.

func (*Provider) GetAuthorizationURL

func (p *Provider) GetAuthorizationURL(resource string) (string, error)

GetAuthorizationURL returns the OAuth authorisation URL.

func (*Provider) HasValidTokens

func (p *Provider) HasValidTokens() bool

HasValidTokens returns true if valid tokens are available.

func (*Provider) Initialise

func (p *Provider) Initialise(ctx context.Context) error

Initialise prepares the OAuth provider for authentication.

func (*Provider) Port

func (p *Provider) Port() int

Port returns the configured callback port.

func (*Provider) RefreshToken

func (p *Provider) RefreshToken(ctx context.Context) error

RefreshToken refreshes the access token.

type ProviderConfig

// ProviderConfig holds configuration for the auth provider.
type ProviderConfig struct {
	// NOTE(review): presumably the URL metadata discovery starts from
	// (FetchServerMetadata takes a serverURL); confirm the scheme is
	// restricted to https for non-local servers.
	ServerURL            string
	// ServerHash has the same name as the serverHash argument of the cache
	// helpers (SaveTokens, LoadTokens, ...); presumably it selects the
	// per-server cache entry — TODO confirm how it is derived.
	ServerHash           string
	CallbackPort         int
	// NOTE(review): NewCallbackServer takes only a port, so how CallbackHost
	// is used is not visible here; confirm a non-loopback value cannot expose
	// the callback listener to the network.
	CallbackHost         string
	ClientName           string
	// CacheDir is where the package's Save*/Load* helpers keep client info
	// and tokens; it holds credentials, so it should not be shared or
	// world-readable.
	CacheDir             string
	// NOTE(review): presumably pre-registered client credentials used in
	// place of dynamic registration — confirm. May carry a ClientSecret.
	StaticClientInfo     *ClientInfo
	StaticClientMetadata *ClientMetadata
}

ProviderConfig holds configuration for the auth provider.

type ServerMetadata

// ServerMetadata holds OAuth authorisation server metadata.
//
// The JSON names match the authorization server metadata fields of RFC 8414.
// Every value is supplied by the remote server and should be treated as
// untrusted input.
// NOTE(review): RFC 8414 requires the returned issuer to be identical to the
// issuer identifier the metadata URL was built from; confirm
// FetchServerMetadata enforces this and rejects non-https endpoints.
type ServerMetadata struct {
	Issuer                            string   `json:"issuer"`
	// AuthorizationEndpoint is the URL the user's browser is sent to.
	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
	// TokenEndpoint receives the authorisation code, the PKCE verifier and
	// refresh tokens, so a wrong value here leaks credentials.
	TokenEndpoint                     string   `json:"token_endpoint"`
	RegistrationEndpoint              string   `json:"registration_endpoint,omitempty"`
	ScopesSupported                   []string `json:"scopes_supported,omitempty"`
	ResponseTypesSupported            []string `json:"response_types_supported,omitempty"`
	GrantTypesSupported               []string `json:"grant_types_supported,omitempty"`
	// Per RFC 8414, an omitted code_challenge_methods_supported means the
	// server does not support PKCE. Presumably the field SupportsPKCE reads
	// when looking for S256 — TODO confirm.
	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported,omitempty"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
}

ServerMetadata holds OAuth authorisation server metadata.

func FetchServerMetadata

func FetchServerMetadata(ctx context.Context, serverURL string) (*ServerMetadata, error)

FetchServerMetadata fetches OAuth authorisation server metadata. It follows RFC 8414 and the MCP spec for discovery.

func (*ServerMetadata) SupportsPKCE

func (m *ServerMetadata) SupportsPKCE() bool

SupportsPKCE returns true if the server supports PKCE with S256.

func (*ServerMetadata) ValidateScopes

func (m *ServerMetadata) ValidateScopes(requested []string) []string

ValidateScopes validates requested scopes against supported scopes.

type Tokens

// Tokens holds OAuth tokens.
//
// AccessToken and RefreshToken are bearer credentials, and the json tags
// serialise them as plain strings.
// NOTE(review): SaveTokens persists this struct to the cache directory; the
// file mode and any at-rest protection are not visible here — confirm the
// token file is readable only by the owning user.
type Tokens struct {
	// AccessToken is a bearer credential; keep it out of logs and error text.
	AccessToken  string    `json:"access_token"`
	TokenType    string    `json:"token_type"`
	// RefreshToken is usually longer-lived than the access token, which makes
	// it the more valuable secret in the cached file. Omitted when empty.
	RefreshToken string    `json:"refresh_token,omitempty"`
	ExpiresIn    int       `json:"expires_in,omitempty"`
	// ExpiresAt has no omitempty, so a zero time is still written out.
	// NOTE(review): presumably computed locally from ExpiresIn; how IsExpired
	// treats a zero ExpiresAt is not shown here — confirm it fails closed.
	ExpiresAt    time.Time `json:"expires_at"`
	Scope        string    `json:"scope,omitempty"`
}

Tokens holds OAuth tokens.

func LoadTokens

func LoadTokens(cacheDir, serverHash string) (*Tokens, error)

LoadTokens loads tokens from the cache directory.

func (*Tokens) IsExpired

func (t *Tokens) IsExpired() bool

IsExpired returns true if the access token is expired.
