discovery

package

v0.2.10 Latest Latest Go to latest Published: Aug 21, 2025 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stacklok/toolhive

Links

Documentation ¶

Overview ¶

Package discovery provides authentication discovery utilities for detecting authentication requirements from remote servers.

Supported Authentication Types: - OAuth 2.0 with PKCE (Proof Key for Code Exchange) - OIDC (OpenID Connect) discovery - Manual OAuth endpoint configuration

Index ¶

Constants
func DeriveIssuerFromURL(remoteURL string) string
func ExtractParameter(params, paramName string) string
type AuthInfo
- func DetectAuthenticationFromServer(ctx context.Context, targetURI string, config *Config) (*AuthInfo, error)
- func ParseWWWAuthenticate(header string) (*AuthInfo, error)
type Config
- func DefaultDiscoveryConfig() *Config
type OAuthFlowConfig
type OAuthFlowResult
- func PerformOAuthFlow(ctx context.Context, issuer string, config *OAuthFlowConfig) (*OAuthFlowResult, error)

Constants ¶

View Source

const (
	DefaultOAuthTimeout      = 5 * time.Minute
	DefaultHTTPTimeout       = 30 * time.Second
	DefaultAuthDetectTimeout = 10 * time.Second
	MaxRetryAttempts         = 3
	RetryBaseDelay           = 2 * time.Second
)

Default timeout constants for authentication operations

Variables ¶

This section is empty.

Functions ¶

func DeriveIssuerFromURL ¶

func DeriveIssuerFromURL(remoteURL string) string

DeriveIssuerFromURL attempts to derive the OAuth issuer from the remote URL using general patterns

func ExtractParameter ¶

func ExtractParameter(params, paramName string) string

ExtractParameter extracts a parameter value from an authentication header

Types ¶

type AuthInfo ¶

type AuthInfo struct {
	Realm            string
	Type             string
	ResourceMetadata string
	Error            string
	ErrorDescription string
}

AuthInfo contains authentication information extracted from WWW-Authenticate header

func DetectAuthenticationFromServer ¶

func DetectAuthenticationFromServer(ctx context.Context, targetURI string, config *Config) (*AuthInfo, error)

DetectAuthenticationFromServer attempts to detect authentication requirements from the target server

func ParseWWWAuthenticate ¶

func ParseWWWAuthenticate(header string) (*AuthInfo, error)

ParseWWWAuthenticate parses the WWW-Authenticate header to extract authentication information Supports multiple authentication schemes and complex header formats

type Config ¶

type Config struct {
	Timeout               time.Duration
	TLSHandshakeTimeout   time.Duration
	ResponseHeaderTimeout time.Duration
	EnablePOSTDetection   bool // Whether to try POST requests for detection
}

Config holds configuration for authentication discovery

func DefaultDiscoveryConfig ¶

func DefaultDiscoveryConfig() *Config

DefaultDiscoveryConfig returns a default discovery configuration

type OAuthFlowConfig ¶

type OAuthFlowConfig struct {
	ClientID     string
	ClientSecret string
	AuthorizeURL string // Manual OAuth endpoint (optional)
	TokenURL     string // Manual OAuth endpoint (optional)
	Scopes       []string
	CallbackPort int
	Timeout      time.Duration
	SkipBrowser  bool
	OAuthParams  map[string]string
}

OAuthFlowConfig contains configuration for performing OAuth flows

type OAuthFlowResult ¶

type OAuthFlowResult struct {
	TokenSource *oauth2.TokenSource
	Config      *oauth.Config
}

OAuthFlowResult contains the result of an OAuth flow

func PerformOAuthFlow ¶

func PerformOAuthFlow(ctx context.Context, issuer string, config *OAuthFlowConfig) (*OAuthFlowResult, error)

PerformOAuthFlow performs an OAuth authentication flow with the given configuration

Source Files ¶

View all Source files

discovery.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL