Documentation
¶
Overview ¶
Package keymaker orchestrates OAuth/OIDC activation flows for integrations
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrDefinitionIDRequired indicates the caller did not provide a definition identifier ErrDefinitionIDRequired = errors.New("keymaker: definition id required") // ErrDefinitionNotFound signals the requested definition does not exist in the registry ErrDefinitionNotFound = errors.New("keymaker: definition not found") // ErrDefinitionAuthRequired indicates the definition does not have an auth registration ErrDefinitionAuthRequired = errors.New("keymaker: definition has no auth registration") // ErrConnectionNotFound indicates the requested connection does not exist on the definition ErrConnectionNotFound = errors.New("keymaker: connection not found") // ErrInstallationIDRequired indicates the caller did not provide an installation identifier ErrInstallationIDRequired = errors.New("keymaker: installation id required") // ErrInstallationNotFound indicates the referenced installation does not exist ErrInstallationNotFound = errors.New("keymaker: installation not found") // ErrInstallationDefinitionMismatch indicates the installation definition does not match the requested definition ErrInstallationDefinitionMismatch = errors.New("keymaker: installation definition mismatch") // ErrInstallationOwnerMismatch indicates the installation does not belong to the authenticated caller organization ErrInstallationOwnerMismatch = errors.New("keymaker: installation owner mismatch") // ErrAuthStateNotFound indicates the provided state token does not map to an active session ErrAuthStateNotFound = errors.New("keymaker: definition auth state not found") // ErrAuthStateExpired indicates the stored session has expired ErrAuthStateExpired = errors.New("keymaker: definition auth state expired") // ErrAuthStateStoreFull indicates the auth state store has reached capacity ErrAuthStateStoreFull = errors.New("keymaker: definition auth state store full") // ErrAuthStateTokenRequired indicates the state token is required for session lookup ErrAuthStateTokenRequired = errors.New("keymaker: state token required") )
Functions ¶
This section is empty.
Types ¶
type AuthCompleteHookFunc ¶ added in v1.15.0
type AuthCompleteHookFunc func(ctx context.Context, installationID string, credentialRef types.CredentialSlotID, definition types.Definition, result types.AuthCompleteResult) error
AuthCompleteHookFunc is the callback invoked after a definition auth flow completes successfully
type AuthState ¶ added in v1.15.0
type AuthState struct {
// State is the unique CSRF token identifying this authorization session
State string
// DefinitionID identifies which definition is handling the authorization
DefinitionID string
// InstallationID identifies the installation record being activated
InstallationID string
// CredentialRef identifies which credential-schema-selected connection mode is being activated
CredentialRef types.CredentialSlotID
// CallbackState holds the opaque state payload returned by the definition's AuthStartFunc
CallbackState json.RawMessage
// CreatedAt records when the session was initiated
CreatedAt time.Time
// ExpiresAt specifies when the session becomes invalid
ExpiresAt time.Time
}
AuthState captures the temporary state required to complete a definition auth flow callback
type AuthStateStore ¶ added in v1.15.0
AuthStateStore persists callback state until the definition auth callback is completed
type BeginRequest ¶
type BeginRequest struct {
// DefinitionID identifies which definition to use for authorization
DefinitionID string
// InstallationID identifies the installation record being activated
InstallationID string
// CredentialRef identifies which credential-schema-selected connection mode should be activated
CredentialRef types.CredentialSlotID
// Input carries optional definition-specific input to the auth start function
Input json.RawMessage
}
BeginRequest carries the information required to start a definition auth flow
type BeginResponse ¶
type BeginResponse struct {
// DefinitionID identifies which definition is handling the authorization
DefinitionID string
// State contains the CSRF token that must be presented during callback
State string
// AuthURL is the authorization URL where the user should be redirected
AuthURL string
}
BeginResponse returns the authorization URL and session state token
type CompleteRequest ¶
type CompleteRequest struct {
// State is the CSRF token that identifies the session
State string
// Callback carries the generic callback payload captured from the provider redirect
Callback types.AuthCallbackInput
}
CompleteRequest carries the state token and callback input from the auth provider
type CompleteResult ¶
type CompleteResult struct {
// DefinitionID identifies which definition issued the credential
DefinitionID string
// InstallationID identifies the installation record containing the credential
InstallationID string
// CredentialRef identifies which credential slot received the persisted credential
CredentialRef types.CredentialSlotID
// Credential contains the persisted credential payload
Credential types.CredentialSet
}
CompleteResult reports the persisted credential and related identifiers
type DefinitionLookupFunc ¶ added in v1.15.0
type DefinitionLookupFunc func(id string) (types.Definition, bool)
DefinitionLookupFunc resolves definitions for auth flow dispatch
type InMemoryAuthStateStore ¶ added in v1.15.0
type InMemoryAuthStateStore struct {
// contains filtered or unexported fields
}
InMemoryAuthStateStore stores definition auth callback state in process memory and is safe for concurrent use
func NewInMemoryAuthStateStore ¶ added in v1.15.0
func NewInMemoryAuthStateStore() *InMemoryAuthStateStore
NewInMemoryAuthStateStore returns an in-memory definition authorization state store
func (*InMemoryAuthStateStore) Save ¶ added in v1.15.0
func (m *InMemoryAuthStateStore) Save(state AuthState) error
Save records the provided definition authorization state
type InstallationLookupFunc ¶ added in v1.15.0
type InstallationLookupFunc func(ctx context.Context, installationID string) (InstallationRecord, error)
InstallationLookupFunc resolves one installation used during auth flow validation.
type InstallationRecord ¶ added in v1.15.0
InstallationRecord captures the installation fields required by auth validation.
type RedisAuthStateStore ¶ added in v1.15.0
type RedisAuthStateStore struct {
// contains filtered or unexported fields
}
RedisAuthStateStore stores auth callback state in Redis
func NewRedisAuthStateStore ¶ added in v1.15.0
func NewRedisAuthStateStore(client *redis.Client) *RedisAuthStateStore
NewRedisAuthStateStore returns a Redis-backed auth state store
func (*RedisAuthStateStore) Save ¶ added in v1.15.0
func (r *RedisAuthStateStore) Save(state AuthState) error
Save records the provided definition authorization state with an expiry
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service orchestrates auth flows for integration definitions
func NewService ¶
func NewService(definitionLookup DefinitionLookupFunc, onAuthComplete AuthCompleteHookFunc, installationLookup InstallationLookupFunc, authStates AuthStateStore) *Service
NewService constructs a Service from the supplied dependencies
func (*Service) BeginAuth ¶ added in v1.15.0
func (s *Service) BeginAuth(ctx context.Context, req BeginRequest) (BeginResponse, error)
BeginAuth starts an auth transaction for the requested definition
func (*Service) CompleteAuth ¶ added in v1.15.0
func (s *Service) CompleteAuth(ctx context.Context, req CompleteRequest) (CompleteResult, error)
CompleteAuth finalizes a definition auth transaction and persists the resulting auth result
Source Files