auth

package
v1.0.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 16, 2026 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package auth provides authentication utilities for integration providers including token extraction, HTTP client builders, and credential helpers.

Index

Constants

This section is empty.

Variables

// Sentinel errors for the auth package. Each is a fixed errors.New value, so
// callers should match them with errors.Is rather than by comparing message
// text. The messages are constant strings and carry no credential material.
var (
	// ErrOAuthTokenMissing indicates the OAuth token is not present in the credential payload.
	ErrOAuthTokenMissing = errors.New("auth: oauth token missing")
	// ErrAccessTokenEmpty indicates the access token field is empty.
	ErrAccessTokenEmpty = errors.New("auth: access token empty")
	// ErrAPITokenMissing indicates the API token is not present in the credential payload.
	ErrAPITokenMissing = errors.New("auth: api token missing")
	// ErrHTTPRequestFailed indicates an HTTP request returned a non-2xx status.
	// NOTE(review): presumably this is the value HTTPRequestError.Unwrap returns,
	// which would let errors.Is(err, ErrHTTPRequestFailed) match it; confirm in the source.
	ErrHTTPRequestFailed = errors.New("auth: http request failed")
	// ErrRandomStateGeneration indicates random state generation failed.
	// NOTE(review): RandomState is documented as using crypto/rand, so on this
	// error callers should presumably abort the flow rather than fall back to a
	// weaker random source; confirm against callers.
	ErrRandomStateGeneration = errors.New("auth: random state generation failed")
	// ErrDecodeProviderDataTargetNil indicates provider data decoding target is nil.
	ErrDecodeProviderDataTargetNil = errors.New("auth: decode provider data target is nil")
)

Functions

func APITokenClientBuilder

func APITokenClientBuilder(headers map[string]string) types.ClientBuilderFunc

APITokenClientBuilder returns a ClientBuilderFunc that extracts an API token and creates an AuthenticatedClient.

func APITokenFromPayload

func APITokenFromPayload(payload types.CredentialPayload) (string, error)

APITokenFromPayload extracts a raw API token from the credential payload.

func BuildAWSConfig

func BuildAWSConfig(ctx context.Context, region string, creds AWSCredentials, assume AWSAssumeRole) (aws.Config, error)

BuildAWSConfig constructs an AWS SDK config with optional static and assumed credentials

func CloneMetadata

func CloneMetadata(data map[string]any) map[string]any

CloneMetadata creates a shallow copy of provider metadata, returning an empty map if nil. Because the copy is shallow, nested maps and slices are still shared with the original.

func DecodeProviderData

func DecodeProviderData(config map[string]any, target any) error

DecodeProviderData decodes provider metadata into the target struct without failing on unknown keys.

func DefaultClientDescriptor

func DefaultClientDescriptor(provider types.ProviderType, name types.ClientName, description string, build types.ClientBuilderFunc) types.ClientDescriptor

DefaultClientDescriptor returns a descriptor with a default object config schema.

func DefaultClientDescriptors

func DefaultClientDescriptors(provider types.ProviderType, name types.ClientName, description string, build types.ClientBuilderFunc) []types.ClientDescriptor

DefaultClientDescriptors returns a single-descriptor slice with a default object config schema.

func ExtractMetadata

func ExtractMetadata[T any](payload types.CredentialPayload) (T, error)

ExtractMetadata decodes provider metadata from a credential payload into the target type.

func GetJSONWithClient

func GetJSONWithClient(ctx context.Context, client *AuthenticatedClient, endpoint string, bearer string, headers map[string]string, out any) error

GetJSONWithClient uses the authenticated client when available, otherwise falls back to HTTPGetJSON

func HTTPGetJSON

func HTTPGetJSON(ctx context.Context, client *http.Client, url string, bearer string, headers map[string]string, out any) error

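HTTPGetJSON issues a GET request with the provided bearer token and decodes JSON responses. The token is sent to whichever host url names, so url should come from trusted provider configuration rather than from unvalidated input.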

func HTTPPostJSON

func HTTPPostJSON(ctx context.Context, client *http.Client, url string, bearer string, headers map[string]string, body any, out any) error

HTTPPostJSON issues a POST request with the provided bearer token and JSON body, then decodes JSON responses

func NormalizeServiceAccountKey

func NormalizeServiceAccountKey(value string) string

NormalizeServiceAccountKey trims and unwraps JSON-encoded service account keys.

func OAuthClientBuilder

func OAuthClientBuilder(headers map[string]string) types.ClientBuilderFunc

OAuthClientBuilder returns a ClientBuilderFunc that extracts an OAuth token and creates an AuthenticatedClient.

func OAuthTokenFromPayload

func OAuthTokenFromPayload(payload types.CredentialPayload) (string, error)

OAuthTokenFromPayload extracts a usable access token from the credential payload

func ParseDuration

func ParseDuration(value string) time.Duration

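ParseDuration returns the parsed duration, or zero when the value is invalid. No error is returned, so an invalid value cannot be told apart from an explicit zero duration.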

func RandomState

func RandomState(bytes int) (string, error)

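RandomState generates a URL-safe random string using crypto/rand. The bytes argument presumably sets how many random bytes are drawn; no minimum is documented here, so callers using the result as an OAuth state value should pass a length large enough to be unguessable.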

func SetMetadataField

func SetMetadataField(meta map[string]any, key, value string)

SetMetadataField sets a field in the metadata map only if the value is non-empty.

Types

type AWSAssumeRole

// AWSAssumeRole holds the optional settings for an STS assume-role call.
// It is one of the inputs to BuildAWSConfig.
type AWSAssumeRole struct {
	// RoleARN is the ARN of the role to assume
	RoleARN string
	// ExternalID is the external ID for role assumption
	// In AWS, the external ID is the value a role's trust policy can require to
	// guard cross-account role assumption against confused-deputy misuse.
	// NOTE(review): whether an empty ExternalID is omitted from the request is
	// not visible here; confirm in BuildAWSConfig.
	ExternalID string
	// SessionName is the name for the session
	SessionName string
	// SessionDuration is the duration for the session
	// NOTE(review): how a zero duration is treated is not visible here; confirm.
	SessionDuration time.Duration
}

AWSAssumeRole captures the optional STS assume-role settings

type AWSCredentials

// AWSCredentials holds static AWS access key credentials as plain strings.
// The type has no documented methods, so formatting a value with %v or %+v
// prints SecretAccessKey and SessionToken as-is; keep values of this type out
// of logs and error messages.
type AWSCredentials struct {
	// AccessKeyID is the AWS access key ID
	AccessKeyID string
	// SecretAccessKey is the AWS secret access key
	// Secret material: do not log or include in errors.
	SecretAccessKey string
	// SessionToken is the AWS session token
	// Secret material: do not log or include in errors.
	SessionToken string
}

AWSCredentials captures static AWS access key credentials

func AWSCredentialsFromPayload

func AWSCredentialsFromPayload(payload types.CredentialPayload) AWSCredentials

AWSCredentialsFromPayload extracts access keys from payload credentials with metadata fallback

type AWSMetadata

// AWSMetadata holds the common AWS configuration fields stored in provider
// metadata. It is the type returned by AWSMetadataFromProviderData.
type AWSMetadata struct {
	// Region is the AWS region for API calls
	Region string
	// RoleARN is the ARN of the role to assume
	RoleARN string
	// AccountID is the AWS account ID
	AccountID string
	// ExternalID is the external ID for role assumption
	// NOTE(review): the external ID arrives through provider metadata here;
	// confirm that the metadata store is access-controlled if the ID is meant
	// to stay confidential between the two accounts.
	ExternalID string
	// SessionName is the name for the session
	// NOTE(review): presumably filled from the defaultSessionName argument of
	// AWSMetadataFromProviderData when the metadata has none; confirm.
	SessionName string
	// SessionDuration is the duration for the session
	SessionDuration time.Duration
}

AWSMetadata captures common AWS configuration fields stored in provider metadata

func AWSMetadataFromProviderData

func AWSMetadataFromProviderData(meta map[string]any, defaultSessionName string) (AWSMetadata, error)

AWSMetadataFromProviderData normalizes AWS metadata with a default session name

type AuthenticatedClient

// AuthenticatedClient pairs a bearer token with static headers for simple
// HTTP JSON calls. Both fields are exported and the token is a plain string,
// so printing a value with %v or %+v exposes the token; keep values of this
// type out of logs.
type AuthenticatedClient struct {
	// BearerToken is the optional bearer token for Authorization headers
	// Secret material: do not log or include in errors.
	BearerToken string
	// Headers contains additional static headers for each request
	// NewAuthenticatedClient is documented as cloning the header map; a value
	// built as a struct literal keeps sharing the caller's map.
	Headers map[string]string
}

AuthenticatedClient wraps a bearer token and headers for simple HTTP JSON calls

func AuthenticatedClientFromAny

func AuthenticatedClientFromAny(value any) *AuthenticatedClient

AuthenticatedClientFromAny attempts to unwrap an AuthenticatedClient from an arbitrary value

func ClientAndAPIToken

func ClientAndAPIToken(input types.OperationInput) (*AuthenticatedClient, string, error)

ClientAndAPIToken returns the optional authenticated client and API token.

func ClientAndOAuthToken

func ClientAndOAuthToken(input types.OperationInput) (*AuthenticatedClient, string, error)

ClientAndOAuthToken returns the optional authenticated client and OAuth token.

func NewAuthenticatedClient

func NewAuthenticatedClient(bearerToken string, headers map[string]string) *AuthenticatedClient

NewAuthenticatedClient builds an AuthenticatedClient with a cloned header map

func (*AuthenticatedClient) GetJSON

func (c *AuthenticatedClient) GetJSON(ctx context.Context, endpoint string, out any) error

GetJSON issues a GET request using the stored credentials and decodes the JSON response

type HTTPRequestError

// HTTPRequestError records the details of a failed HTTP request.
// NOTE(review): which of these fields Error() puts into its message is not
// visible here. URL and Body come from the request and the remote response,
// so treat the formatted error as potentially sensitive until confirmed.
type HTTPRequestError struct {
	// URL is the URL that was requested
	// NOTE(review): may include query-string parameters; confirm no credentials
	// are passed that way before logging this field.
	URL string
	// Status is the HTTP status text returned by the request
	Status string
	// StatusCode is the HTTP status code returned by the request
	StatusCode int
	// Body is the response body returned by the request, if any
	// Remote-controlled content: escape or truncate before logging or display.
	// NOTE(review): whether the body is size-limited when captured is not
	// visible here; confirm.
	Body string
}

HTTPRequestError captures metadata for failed HTTP requests.

func (*HTTPRequestError) Error

func (e *HTTPRequestError) Error() string

Error returns a formatted error message for the HTTP request failure

func (*HTTPRequestError) Unwrap

func (e *HTTPRequestError) Unwrap() error

Unwrap allows errors.Is and errors.As to work with HTTPRequestError
