Documentation
Index
- type AccessID
- type Key
- type MemoryRefreshStore
- type Refresh
- type RefreshStore
- type Secret
- type StoragePolicy
- type Store
- func (s *Store) ClearAll()
- func (s *Store) DeleteAccessID(k Key)
- func (s *Store) DeleteRefresh(k Key) error
- func (s *Store) GetAccessID(k Key) (AccessID, bool)
- func (s *Store) GetRefresh(k Key) (Refresh, bool, error)
- func (s *Store) InvalidateAccess(k Key)
- func (s *Store) Logout(k Key) error
- func (s *Store) SetAccessID(k Key, v AccessID)
- func (s *Store) SetRefresh(k Key, r Refresh) error
Types
type AccessID
type AccessID struct {
	Access       scyauth.Token
	AccessExpiry time.Time
	IDToken      string
	IDExpiry     time.Time
	Issuer       string
	Scopes       []string
}
AccessID holds access and id tokens with independent expiries.
type Key
type Key struct {
	Authority authority.AuthAuthority
	Subject   string
	Audience  string
}
Key identifies a token set for a user and audience under a given authority.
type MemoryRefreshStore
type MemoryRefreshStore struct {
	// contains filtered or unexported fields
}
MemoryRefreshStore is an in-memory RefreshStore useful for tests or ephemeral sessions. Note: This store does not encrypt at rest; use only when policy allows non-persistent storage.
func NewMemoryRefreshStore
func NewMemoryRefreshStore() *MemoryRefreshStore
func (*MemoryRefreshStore) Delete
func (m *MemoryRefreshStore) Delete(k Key) error
type RefreshStore
type RefreshStore interface {
	Get(k Key) (Refresh, bool, error)
	Set(k Key, r Refresh) error
	Delete(k Key) error
}
RefreshStore persists refresh tokens securely (e.g., OS keychain or encrypted file). Implementations must ensure encryption at rest and never log secrets.
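One way an implementation can meet the encryption-at-rest and never-log-secrets requirements above, as an added example rather than code from this package: AES-256-GCM sealing with the Key bound in as associated data. The `Key` stand-in with string fields, the `[]byte` token, and the helpers `newAEAD`, `aad`, `seal` and `open` are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Key is a simplified stand-in (assumption) for the package's Key; tokens are plain []byte here.
type Key struct{ Authority, Subject, Audience string }

func newAEAD(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad binds a blob to its Key, so a blob filed under another Key fails to open.
func aad(k Key) []byte { return []byte(fmt.Sprintf("%q|%q|%q", k.Authority, k.Subject, k.Audience)) }

// seal returns nonce || ciphertext || tag, the only form a Set implementation should persist.
func seal(a cipher.AEAD, k Key, token []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, token, aad(k)), nil
}

// open is the Get side; its errors carry no token or ciphertext bytes, so they are safe to log.
func open(a cipher.AEAD, k Key, blob []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n {
		return nil, errors.New("refresh blob truncated")
	}
	return a.Open(nil, blob[:n], blob[n:], aad(k))
}

func main() {
	a, _ := newAEAD(make([]byte, 32)) // constructed all-zero key, demo only
	blob, _ := seal(a, Key{"https://idp.example", "alice", "api"}, []byte("constructed-token"))
	_, err := open(a, Key{"https://idp.example", "mallory", "api"}, blob)
	fmt.Println(err) // non-nil: the blob was sealed for a different Key
}
```

A Set implementation would persist only the output of `seal`; the key-encryption key itself belongs in the OS keychain or a comparable secret store, not beside the blobs.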
type Secret
type Secret struct {
	// contains filtered or unexported fields
}
Secret holds sensitive bytes that can be zeroized when cleared. Avoid storing tokens as strings to enable zeroization.
type StoragePolicy
type StoragePolicy struct {
	AccessInMemoryOnly bool // default: true
	IDInMemoryOnly     bool // default: true
	RefreshEncrypted   bool // default: true (persist via RefreshStore)
}
StoragePolicy controls how tokens are stored.
type Store
type Store struct {
	// contains filtered or unexported fields
}
Store keeps access/id tokens in-memory and delegates refresh tokens to RefreshStore.
func NewStore
func NewStore(refresh RefreshStore, policy StoragePolicy) (*Store, error)
NewStore constructs a Store with the provided refresh store and policy. It validates required dependencies.
func (*Store) ClearAll
func (s *Store) ClearAll()
ClearAll removes all in-memory tokens and attempts to delete refresh tokens via the refresh store.
func (*Store) DeleteAccessID
DeleteAccessID removes and zeroizes access/id tokens for the key.
func (*Store) DeleteRefresh
DeleteRefresh removes the refresh token from the refresh store.
func (*Store) GetAccessID
GetAccessID retrieves non-expired access/id tokens. It returns false if missing or expired per type.
func (*Store) GetRefresh
GetRefresh retrieves the refresh token from the refresh store.
func (*Store) InvalidateAccess
InvalidateAccess clears only the access token and its expiry, keeping the ID token if present.
func (*Store) SetAccessID
SetAccessID stores access and id tokens with expiries in memory.