Overview ¶
Package keymaker orchestrates activation flows, credential minting, and client pooling for integrations using the new keystore/registry types.
Types ¶
type ActivationSession ¶
// ActivationSession is the temporary record of one in-flight authorization
// flow. It is stored through SessionStore.Save and looked up by State through
// SessionStore.Take.
type ActivationSession struct {
// State is the unique CSRF token identifying this authorization session.
// It is also the value passed to SessionStore.Take to find the session.
// NOTE(review): the CSRF protection depends on this value being
// unpredictable; how it is generated is not shown here — confirm.
State string
// Provider identifies which provider is handling the authorization
Provider types.ProviderType
// OrgID identifies the organization initiating the flow
// NOTE(review): presumably used to scope the credential write on completion;
// confirm it is taken from the authenticated caller, not from request input.
OrgID string
// IntegrationID identifies the integration record being activated
IntegrationID string
// Scopes contains the authorization scopes requested from the provider
Scopes []string
// Metadata carries additional provider-specific configuration
// NOTE(review): values are untyped (any); whether they are validated before
// reaching the provider is not visible here — confirm.
Metadata map[string]any
// LabelOverrides customizes UI labels presented during authorization
// NOTE(review): if these strings are rendered in a page they need output
// encoding; where they are rendered is not shown — confirm.
LabelOverrides map[string]string
// CreatedAt records when the session was initiated
CreatedAt time.Time
// ExpiresAt specifies when the session becomes invalid
// NOTE(review): which component rejects a session past this time (the store
// or the service) is not shown here — confirm it is enforced on completion.
ExpiresAt time.Time
// AuthSession holds the provider-specific authorization state
// NOTE(review): contents are opaque from this page; treat as sensitive until
// confirmed otherwise.
AuthSession types.AuthSession
}
ActivationSession captures the temporary state required to complete an OAuth flow
type BeginRequest ¶
// BeginRequest carries the caller-supplied inputs needed to start an
// OAuth/OIDC activation flow.
type BeginRequest struct {
// OrgID identifies the organization initiating the flow
OrgID string
// IntegrationID identifies the integration record being activated
IntegrationID string
// Provider specifies which provider to use for authorization
Provider types.ProviderType
// RedirectURI overrides the default callback URL if specified
// NOTE(review): this page does not show whether an override is checked
// against the callback URLs registered for the provider. If the value can be
// influenced by an end user, it should be restricted to an allow-list —
// confirm.
RedirectURI string
// Scopes requests specific authorization scopes from the provider
// NOTE(review): whether requested scopes are limited to what the integration
// is allowed to ask for is not shown — confirm.
Scopes []string
// Metadata carries additional provider-specific configuration
Metadata map[string]any
// LabelOverrides customizes UI labels presented during authorization
LabelOverrides map[string]string
// State optionally supplies a custom CSRF token
// NOTE(review): a predictable or reused value here weakens the CSRF check on
// callback. Presumably the service generates one when this is empty —
// confirm, and prefer leaving it unset unless a caller needs its own token.
State string
}
BeginRequest carries the information required to start an OAuth/OIDC activation flow
type BeginResponse ¶
// BeginResponse is the result of starting a flow: where to send the user and
// the state value to expect back.
type BeginResponse struct {
// Provider identifies which provider is handling the authorization
Provider types.ProviderType
// State contains the CSRF token that must be validated during callback
// NOTE(review): how the caller ties this value to the user's own browser
// session (so a callback from a different user agent is rejected) is not
// shown on this page — confirm.
State string
// AuthURL is the provider authorization URL where the user should be redirected
AuthURL string
}
BeginResponse returns the authorization URL/state pair for the caller to redirect the user
type CompleteRequest ¶
// CompleteRequest carries the state/code pair received from the provider
// callback. Both fields arrive from an external request and should be treated
// as untrusted until State matches a stored session.
type CompleteRequest struct {
// State is the CSRF token returned by the provider that identifies the session
State string
// Code is the authorization code exchanged for credentials
// NOTE(review): presumably a short-lived secret; keep it out of logs and
// error messages — confirm how errors from the exchange are reported.
Code string
}
CompleteRequest carries the state/code pair received from the provider callback
type CompleteResult ¶
// CompleteResult reports the persisted credential and the identifiers it
// belongs to.
type CompleteResult struct {
// Provider identifies which provider issued the credential
Provider types.ProviderType
// OrgID identifies the organization that owns the credential
OrgID string
// IntegrationID identifies the integration record containing the credential
IntegrationID string
// Credential contains the persisted credential payload
// NOTE(review): the fields of types.CredentialPayload are not shown here; it
// presumably holds secret material, so avoid logging this struct or echoing
// it to API clients — confirm.
Credential types.CredentialPayload
}
CompleteResult reports the persisted credential and related identifiers
type CredentialWriter ¶
// CredentialWriter persists credential payloads produced during activation.
type CredentialWriter interface {
// SaveCredential stores payload for the organization identified by orgID and
// returns a credential payload.
// NOTE(review): protection of the stored secret (encryption at rest, access
// scoping by orgID) is left to the implementation and is not visible on this
// page — confirm for each implementation.
SaveCredential(ctx context.Context, orgID string, payload types.CredentialPayload) (types.CredentialPayload, error)
}
CredentialWriter persists credential payloads produced during activation
type MemorySessionStore ¶
// MemorySessionStore keeps activation sessions in process memory.
// NOTE(review): being in-memory, sessions presumably do not survive a restart
// and are not shared between replicas, so a callback must reach the process
// that began the flow. Whether expired sessions are evicted is not shown —
// confirm.
type MemorySessionStore struct {
// contains filtered or unexported fields
}
MemorySessionStore stores activation sessions in memory and is safe for concurrent use
func NewMemorySessionStore ¶
func NewMemorySessionStore() *MemorySessionStore
NewMemorySessionStore returns an in-memory session store
func (*MemorySessionStore) Save ¶
func (m *MemorySessionStore) Save(session ActivationSession) error
Save records the provided activation session
func (*MemorySessionStore) Take ¶
func (m *MemorySessionStore) Take(state string) (ActivationSession, error)
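Take retrieves and deletes the session associated with the given state; because the entry is removed on retrieval, a later Take with the same state does not return it again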
type ProviderResolver ¶
// ProviderResolver exposes provider lookups by provider type.
type ProviderResolver interface {
// Provider looks up the provider registered for the given type.
// NOTE(review): the bool presumably reports whether a provider was found;
// callers should reject the flow when it is false — confirm.
Provider(provider types.ProviderType) (types.Provider, bool)
}
ProviderResolver exposes provider lookups. registry.Registry satisfies this interface
type Service ¶
// Service brokers providers, sessions, and keystore writes for activation
// flows. Its dependencies are supplied through NewService.
type Service struct {
// contains filtered or unexported fields
}
Service orchestrates activation flows by brokering providers, sessions, and keystore writes
func NewService ¶
func NewService(providers ProviderResolver, keystore CredentialWriter, sessions SessionStore, opts ServiceOptions) (*Service, error)
NewService constructs a Service from the supplied dependencies
func (*Service) BeginAuthorization ¶
func (s *Service) BeginAuthorization(ctx context.Context, req BeginRequest) (BeginResponse, error)
BeginAuthorization starts an OAuth/OIDC transaction with the requested provider
func (*Service) CompleteAuthorization ¶
func (s *Service) CompleteAuthorization(ctx context.Context, req CompleteRequest) (CompleteResult, error)
CompleteAuthorization finalizes an OAuth/OIDC transaction and persists the resulting credential
type ServiceOptions ¶
// ServiceOptions configure optional service behaviors.
type ServiceOptions struct {
// SessionTTL controls how long OAuth sessions remain valid
// NOTE(review): the behaviour for a zero value is not shown on this page; a
// short, non-zero TTL limits how long an unused state value stays
// redeemable — confirm the default.
SessionTTL time.Duration
// Now overrides the time source; primarily used for tests
// NOTE(review): session expiry presumably depends on this clock, so it
// should not be set in production code — confirm.
Now func() time.Time
}
ServiceOptions configure optional service behaviors
type SessionStore ¶
// SessionStore persists activation sessions until the provider callback is
// completed.
type SessionStore interface {
// Save records the session so it can later be found by its State value.
Save(session ActivationSession) error
// Take looks up the session for the given state value.
// NOTE(review): MemorySessionStore.Take is documented as retrieve-and-delete.
// Other implementations presumably need the same single-use behaviour, done
// atomically, so that one state value cannot complete two callbacks —
// confirm.
Take(state string) (ActivationSession, error)
}
SessionStore persists activation sessions until the provider callback is completed