Documentation
¶
Overview ¶
Package auth provides authentication utilities for integration providers including token extraction, HTTP client builders, and credential helpers.
Index ¶
- Variables
- func APITokenClientBuilder(headers map[string]string) types.ClientBuilderFunc
- func APITokenFromPayload(payload types.CredentialPayload) (string, error)
- func BuildAWSConfig(ctx context.Context, region string, creds AWSCredentials, assume AWSAssumeRole) (aws.Config, error)
- func CloneMetadata(data map[string]any) map[string]any
- func DecodeProviderData(config map[string]any, target any) error
- func DefaultClientDescriptor(provider types.ProviderType, name types.ClientName, description string, ...) types.ClientDescriptor
- func DefaultClientDescriptors(provider types.ProviderType, name types.ClientName, description string, ...) []types.ClientDescriptor
- func ExtractMetadata[T any](payload types.CredentialPayload) (T, error)
- func GetJSONWithClient(ctx context.Context, client *AuthenticatedClient, endpoint string, ...) error
- func HTTPGetJSON(ctx context.Context, client *http.Client, url string, bearer string, ...) error
- func HTTPPostJSON(ctx context.Context, client *http.Client, url string, bearer string, ...) error
- func NormalizeServiceAccountKey(value string) string
- func OAuthClientBuilder(headers map[string]string) types.ClientBuilderFunc
- func OAuthTokenFromPayload(payload types.CredentialPayload) (string, error)
- func ParseDuration(value string) time.Duration
- func RandomState(bytes int) (string, error)
- func SetMetadataField(meta map[string]any, key, value string)
- type AWSAssumeRole
- type AWSCredentials
- type AWSMetadata
- type AuthenticatedClient
- func AuthenticatedClientFromAny(value any) *AuthenticatedClient
- func ClientAndAPIToken(input types.OperationInput) (*AuthenticatedClient, string, error)
- func ClientAndOAuthToken(input types.OperationInput) (*AuthenticatedClient, string, error)
- func NewAuthenticatedClient(bearerToken string, headers map[string]string) *AuthenticatedClient
- type HTTPRequestError
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors returned by this package. Every message is a fixed string
// with no token or credential value interpolated into it. Match these with
// errors.Is rather than by comparing message text.
var (
	// ErrOAuthTokenMissing indicates the OAuth token is not present in the credential payload.
	ErrOAuthTokenMissing = errors.New("auth: oauth token missing")
	// ErrAccessTokenEmpty indicates the access token field is empty.
	ErrAccessTokenEmpty = errors.New("auth: access token empty")
	// ErrAPITokenMissing indicates the API token is not present in the credential payload.
	ErrAPITokenMissing = errors.New("auth: api token missing")
	// ErrHTTPRequestFailed indicates an HTTP request returned a non-2xx status.
	ErrHTTPRequestFailed = errors.New("auth: http request failed")
	// ErrRandomStateGeneration indicates random state generation failed.
	ErrRandomStateGeneration = errors.New("auth: random state generation failed")
	// ErrDecodeProviderDataTargetNil indicates provider data decoding target is nil.
	ErrDecodeProviderDataTargetNil = errors.New("auth: decode provider data target is nil")
)
Functions ¶
func APITokenClientBuilder ¶
func APITokenClientBuilder(headers map[string]string) types.ClientBuilderFunc
APITokenClientBuilder returns a ClientBuilderFunc that extracts an API token and creates an AuthenticatedClient.
func APITokenFromPayload ¶
func APITokenFromPayload(payload types.CredentialPayload) (string, error)
APITokenFromPayload extracts a raw API token from the credential payload.
func BuildAWSConfig ¶
func BuildAWSConfig(ctx context.Context, region string, creds AWSCredentials, assume AWSAssumeRole) (aws.Config, error)
BuildAWSConfig constructs an AWS SDK config for the given region, optionally using static credentials (creds) and an assumed role (assume).
func CloneMetadata ¶
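CloneMetadata creates a shallow copy of provider metadata, returning an empty map if nil. Because the copy is shallow, nested maps and slices stay shared with the original, so mutating them through the clone also changes the source metadata.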
func DecodeProviderData ¶
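DecodeProviderData decodes provider metadata into the target struct without failing on unknown keys. Because unknown keys do not produce an error, a misspelled key goes unreported; validate required fields on the decoded struct.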
func DefaultClientDescriptor ¶
func DefaultClientDescriptor(provider types.ProviderType, name types.ClientName, description string, build types.ClientBuilderFunc) types.ClientDescriptor
DefaultClientDescriptor returns a descriptor with a default object config schema.
func DefaultClientDescriptors ¶
func DefaultClientDescriptors(provider types.ProviderType, name types.ClientName, description string, build types.ClientBuilderFunc) []types.ClientDescriptor
DefaultClientDescriptors returns a single-descriptor slice with a default object config schema.
func ExtractMetadata ¶
func ExtractMetadata[T any](payload types.CredentialPayload) (T, error)
ExtractMetadata decodes provider metadata from a credential payload into the target type.
func GetJSONWithClient ¶
func GetJSONWithClient(ctx context.Context, client *AuthenticatedClient, endpoint string, bearer string, headers map[string]string, out any) error
GetJSONWithClient uses the authenticated client when available, otherwise falls back to HTTPGetJSON
func HTTPGetJSON ¶
func HTTPGetJSON(ctx context.Context, client *http.Client, url string, bearer string, headers map[string]string, out any) error
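HTTPGetJSON issues a GET request with the provided bearer token and decodes the JSON response into out. The token is sent to whatever url the caller passes, so pass only trusted HTTPS endpoints and supply a client with a timeout.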
func HTTPPostJSON ¶
func HTTPPostJSON(ctx context.Context, client *http.Client, url string, bearer string, headers map[string]string, body any, out any) error
HTTPPostJSON issues a POST request with the provided bearer token and JSON body, then decodes JSON responses
func NormalizeServiceAccountKey ¶
NormalizeServiceAccountKey trims and unwraps JSON-encoded service account keys.
func OAuthClientBuilder ¶
func OAuthClientBuilder(headers map[string]string) types.ClientBuilderFunc
OAuthClientBuilder returns a ClientBuilderFunc that extracts an OAuth token and creates an AuthenticatedClient.
func OAuthTokenFromPayload ¶
func OAuthTokenFromPayload(payload types.CredentialPayload) (string, error)
OAuthTokenFromPayload extracts a usable access token from the credential payload
func ParseDuration ¶
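ParseDuration returns the parsed duration, or zero when the value is invalid. No error is returned, so callers cannot tell an invalid value from an explicit zero duration.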
func RandomState ¶
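RandomState generates a URL-safe random string using crypto/rand. The bytes argument presumably sets how many random bytes are read before encoding (confirm in the source). When the result serves as an OAuth state value, request enough bytes to make it unguessable, and check the returned error rather than falling back to a weaker value.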
func SetMetadataField ¶
SetMetadataField sets a field in the metadata map only if the value is non-empty.
Types ¶
type AWSAssumeRole ¶
// AWSAssumeRole groups the settings for an optional STS role assumption.
// The type itself carries plain values and performs no validation.
type AWSAssumeRole struct {
	// RoleARN is the ARN of the role to assume
	RoleARN string
	// ExternalID is the external ID for role assumption. In AWS cross-account
	// trust policies this value guards against confused-deputy access, so it
	// should be unique per tenant rather than shared.
	// NOTE(review): how an empty ExternalID is handled is not visible here; confirm in BuildAWSConfig.
	ExternalID string
	// SessionName is the name for the session.
	// NOTE(review): presumably used as the STS role session name that shows up in audit logs; confirm.
	SessionName string
	// SessionDuration is the duration for the session.
	// NOTE(review): the meaning of a zero value (provider default vs. error) is not shown here; confirm.
	SessionDuration time.Duration
}
AWSAssumeRole captures the optional STS assume-role settings
type AWSCredentials ¶
// AWSCredentials carries static AWS access-key material as plain strings.
// Values of this type are secrets: keep them out of logs, error messages and
// %v/%+v formatting. No redacting String method is listed for this type on
// this page.
type AWSCredentials struct {
	// AccessKeyID is the AWS access key ID
	AccessKeyID string
	// SecretAccessKey is the AWS secret access key. Sensitive: never log or
	// echo this value.
	SecretAccessKey string
	// SessionToken is the AWS session token. Sensitive.
	// NOTE(review): presumably empty for long-lived keys and set only for temporary credentials; confirm.
	SessionToken string
}
AWSCredentials captures static AWS access key credentials
func AWSCredentialsFromPayload ¶
func AWSCredentialsFromPayload(payload types.CredentialPayload) AWSCredentials
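AWSCredentialsFromPayload extracts access keys from the payload credentials, falling back to metadata. It returns no error, so callers must check the result for empty fields. The fallback also implies key material may be held in provider metadata, which should then be protected like any other secret.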
type AWSMetadata ¶
// AWSMetadata holds the AWS configuration fields read from provider metadata.
// It repeats the assume-role fields of AWSAssumeRole and adds Region and
// AccountID.
type AWSMetadata struct {
	// Region is the AWS region for API calls
	Region string
	// RoleARN is the ARN of the role to assume
	RoleARN string
	// AccountID is the AWS account ID
	AccountID string
	// ExternalID is the external ID for role assumption.
	// NOTE(review): this value comes from stored metadata; confirm who may edit
	// that metadata, since changing RoleARN or ExternalID changes which role is assumed.
	ExternalID string
	// SessionName is the name for the session
	SessionName string
	// SessionDuration is the duration for the session.
	// NOTE(review): the meaning of a zero value is not shown here; confirm.
	SessionDuration time.Duration
}
AWSMetadata captures common AWS configuration fields stored in provider metadata
func AWSMetadataFromProviderData ¶
func AWSMetadataFromProviderData(meta map[string]any, defaultSessionName string) (AWSMetadata, error)
AWSMetadataFromProviderData normalizes AWS metadata with a default session name
type AuthenticatedClient ¶
// AuthenticatedClient pairs a bearer token with static request headers.
// Both fields are exported, so any code holding the value can read the token.
type AuthenticatedClient struct {
	// BearerToken is the optional bearer token for Authorization headers.
	// It is a credential: keep it out of logs and formatted errors.
	BearerToken string
	// Headers contains additional static headers for each request.
	// NOTE(review): if a caller puts an "Authorization" key here, which value
	// takes precedence over BearerToken is not visible on this page; confirm.
	Headers map[string]string
}
AuthenticatedClient wraps a bearer token and headers for simple HTTP JSON calls
func AuthenticatedClientFromAny ¶
func AuthenticatedClientFromAny(value any) *AuthenticatedClient
AuthenticatedClientFromAny attempts to unwrap an AuthenticatedClient from an arbitrary value
func ClientAndAPIToken ¶
func ClientAndAPIToken(input types.OperationInput) (*AuthenticatedClient, string, error)
ClientAndAPIToken returns the optional authenticated client and API token.
func ClientAndOAuthToken ¶
func ClientAndOAuthToken(input types.OperationInput) (*AuthenticatedClient, string, error)
ClientAndOAuthToken returns the optional authenticated client and OAuth token.
func NewAuthenticatedClient ¶
func NewAuthenticatedClient(bearerToken string, headers map[string]string) *AuthenticatedClient
NewAuthenticatedClient builds an AuthenticatedClient with a cloned header map
type HTTPRequestError ¶
// HTTPRequestError records the URL, status and response body of a failed
// HTTP request.
type HTTPRequestError struct {
	// URL is the URL that was requested.
	// NOTE(review): if a caller places a token or key in the query string, it
	// is carried here and into anything that logs this error.
	URL string
	// Status is the HTTP status text returned by the request
	Status string
	// StatusCode is the HTTP status code returned by the request
	StatusCode int
	// Body is the response body returned by the request, if any.
	// NOTE(review): upstream error bodies can echo request data or be large.
	// Whether Body is truncated, or included in Error(), is not shown here;
	// confirm before logging this error verbatim.
	Body string
}
HTTPRequestError captures metadata for failed HTTP requests.
func (*HTTPRequestError) Error ¶
func (e *HTTPRequestError) Error() string
Error returns a formatted error message for the HTTP request failure
func (*HTTPRequestError) Unwrap ¶
func (e *HTTPRequestError) Unwrap() error
Unwrap allows errors.Is and errors.As to work with HTTPRequestError