Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func BlowfishEnsureKey
BlowfishEnsureKey derives a stable 32-byte key from the given salt/passphrase. It uses the same derivation as other blowfish helpers for consistency.
func NewTokenStore
func NewTokenStore(refreshDir string, key tokens.KeyProvider, policy tokens.StoragePolicy) (*tokens.Store, error)
NewTokenStore constructs a tokens.Store with an encrypted file-backed refresh store.
- refreshDir: directory for encrypted refresh blobs (created with 0700 perms)
- key: key provider for encrypting refresh tokens
- policy: storage policy for access/id and refresh tokens
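A check an operator can run against the refresh directory described above, as an added example that is not part of the documented package. The name auditRefreshDir is hypothetical, POSIX permission bits are assumed, and the expectation that each blob is a regular file without group/other access is an assumption of this example (the documentation only states that the directory is created with 0700 perms).

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// auditRefreshDir is a hypothetical helper, not an API of the documented package.
// It returns one finding per permission problem found in the refresh directory.
func auditRefreshDir(dir string) ([]string, error) {
	info, err := os.Lstat(dir) // Lstat: a symlinked refresh dir is reported, not followed
	if err != nil {
		return nil, err
	}
	if !info.IsDir() {
		return nil, fmt.Errorf("%s is not a directory", dir)
	}
	var findings []string
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		findings = append(findings, fmt.Sprintf("%s: mode %#o grants group/other access, want 0700", dir, uint32(perm)))
	}
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	for _, e := range entries {
		fi, err := e.Info()
		if err != nil {
			return nil, err
		}
		p := filepath.Join(dir, e.Name())
		switch {
		case !fi.Mode().IsRegular(): // assumption: blobs are plain files
			findings = append(findings, fmt.Sprintf("%s: not a regular file", p))
		case fi.Mode().Perm()&0o077 != 0: // assumption: blobs should be owner-only
			findings = append(findings, fmt.Sprintf("%s: mode %#o grants group/other access", p, uint32(fi.Mode().Perm())))
		}
	}
	return findings, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: audit <refreshDir>")
		os.Exit(2)
	}
	findings, err := auditRefreshDir(os.Args[1])
	fmt.Println(findings, err)
}
```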
Types
type Option
type Option func(*Runtime)
Option configures Runtime.
func WithMinTTL
WithMinTTL sets proactive refresh thresholds.
type RawKeyProvider
type RawKeyProvider struct{ K []byte }
RawKeyProvider implements tokens.KeyProvider using provided key bytes. Use BlowfishEnsureKey to derive a 32-byte key from a passphrase when needed.
func (RawKeyProvider) Key
func (r RawKeyProvider) Key() ([]byte, error)
type Runtime
type Runtime struct {
	CookieJars *cookiejar.Manager
	Store      *tokens.Store
	Broker     resolver.Broker
	MinTTL     resolver.MinTTL
	Tracer     obs.Tracer
	Metrics    obs.Metrics
}
Runtime bundles auth-related dependencies for dependency injection. It avoids global singletons and lets services share a single resolver and cookie jar manager for the application lifetime.
func New
New constructs a Runtime. Callers should provide a shared cookie manager, token store and a broker implementation.
func (*Runtime) ClearCookieJar
ClearCookieJar removes a cookie jar identified by its origin key.
func (*Runtime) CookieJarForAuthority
CookieJarForAuthority returns a per-authority cookie jar and its origin key.
func (*Runtime) NewResolver
NewResolver creates a resolver bound to this runtime's store and broker.