Documentation
Index
- Constants
- Variables
- func ClientIDFromAuthorizeURL(raw string) (string, error)
- func ExchangeAuthorizationCode(ctx context.Context, httpClient *http.Client, env *environments.EnvironmentSet, ...) (*credentials.CreLoginTokenSet, error)
- func GeneratePKCE() (verifier, challenge string, err error)
- func NewCallbackHTTPServer(listenAddr string, callback http.HandlerFunc) (*http.Server, net.Listener, error)
- func OAuthServerBaseFromAuthorizeURL(raw string) (string, error)
- func OpenBrowser(urlStr string, goos string) error
- func RandomState() (string, error)
- func SecretsCallbackHandler(codeCh chan<- string, expectedState string, log *zerolog.Logger) http.HandlerFunc
- func ServeEmbeddedHTML(log *zerolog.Logger, w http.ResponseWriter, filePath string, status int)
- func ServeWaitingPage(log *zerolog.Logger, w http.ResponseWriter, redirectURL string)
- func StateFromAuthorizeURL(raw string) (string, error)
Constants
const (
	PageError          = "htmlPages/error.html"
	PageSuccess        = "htmlPages/success.html"
	PageSecretsSuccess = "htmlPages/secrets_success.html"
	PageSecretsError   = "htmlPages/secrets_error.html"
	PageWaiting        = "htmlPages/waiting.html"
	StylePage          = "htmlPages/output.css"
)
Variables
var DefaultHTTPClient = &http.Client{Timeout: 10 * time.Second}
DefaultHTTPClient is used for token exchange when no client is supplied.
Functions
func ClientIDFromAuthorizeURL (added in v1.8.1)
ClientIDFromAuthorizeURL returns the "client_id" query parameter from an authorize URL (if present). Token exchange must use the same client_id the IdP bound to the authorization code.
func ExchangeAuthorizationCode
func ExchangeAuthorizationCode(ctx context.Context, httpClient *http.Client, env *environments.EnvironmentSet, code, codeVerifier, oauthClientID, oauthAuthServerBase string) (*credentials.CreLoginTokenSet, error)
ExchangeAuthorizationCode exchanges an OAuth authorization code for tokens using PKCE. If oauthClientID is non-empty, it is used as client_id and must match the client_id in the authorize URL. If oauthAuthServerBase is non-empty (scheme + host only), it is used as the token endpoint host; otherwise env.AuthBase is used (e.g. cre login, which builds the authorize URL from env).
func GeneratePKCE
GeneratePKCE returns an RFC 7636 S256 code verifier and code challenge.
func NewCallbackHTTPServer
func NewCallbackHTTPServer(listenAddr string, callback http.HandlerFunc) (*http.Server, net.Listener, error)
NewCallbackHTTPServer listens on listenAddr and serves callback on /callback.
func OAuthServerBaseFromAuthorizeURL (added in v1.8.1)
OAuthServerBaseFromAuthorizeURL returns the authorization server origin (scheme + host) for the given authorize URL. The token endpoint must be on the same host that issued the authorization code.
func OpenBrowser
OpenBrowser opens urlStr in the default browser for the given GOOS value.
func RandomState
RandomState returns a URL-safe random string suitable for OAuth "state".
func SecretsCallbackHandler (added in v1.8.1)
func SecretsCallbackHandler(codeCh chan<- string, expectedState string, log *zerolog.Logger) http.HandlerFunc
SecretsCallbackHandler handles the OAuth redirect for the browser secrets flow. If expectedState is non-empty (parsed from the platform authorize URL), the callback must include the same state; otherwise only a non-empty authorization code is required.
func ServeEmbeddedHTML
ServeEmbeddedHTML serves an embedded HTML page with inline CSS.
func ServeWaitingPage
func ServeWaitingPage(log *zerolog.Logger, w http.ResponseWriter, redirectURL string)
ServeWaitingPage serves the waiting page with the redirect URL injected.
func StateFromAuthorizeURL (added in v1.8.1)
StateFromAuthorizeURL returns the OAuth "state" query parameter from an authorize URL, if present.
Types
This section is empty.