auth

package

v1.7.2 Latest Latest Go to latest Published: Dec 19, 2024 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/auth0/auth0-cli

README ¶

Auth package

The CLI authentication follows this approach:

$ auth0 login uses Auth0 Device Flow to get an acccess token and a refresh token for the selected tenant.
The access token is stored at the configuration file.
The refresh token is stored at the OS keychain (supports macOS, Linux, and Windows thanks to https://github.com/zalando/go-keyring).
During regular commands initialization, the access token is used to instantiate an Auth0 API client. - If the token is expired according to the value stored on the configuration file, a new one is requested using the refresh token. - In case of any error, the interactive login flow is triggered.

Documentation ¶

Index ¶

Variables
type ClientCredentials
type Credentials
type Result
- func GetAccessTokenFromClientCreds(ctx context.Context, args ClientCredentials) (Result, error)
- func WaitUntilUserLogsIn(ctx context.Context, httpClient *http.Client, state State) (Result, error)
type State
- func GetDeviceCode(ctx context.Context, httpClient *http.Client, additionalScopes []string, ...) (State, error)
- func (s *State) IntervalDuration() time.Duration
type TokenResponse
- func RefreshAccessToken(httpClient *http.Client, tenant string) (TokenResponse, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var RequiredScopes = []string{
	"openid",
	"offline_access",
	"create:clients", "delete:clients", "read:clients", "update:clients",
	"read:client_grants",
	"create:resource_servers", "delete:resource_servers", "read:resource_servers", "update:resource_servers",
	"create:roles", "delete:roles", "read:roles", "update:roles",
	"create:rules", "delete:rules", "read:rules", "update:rules",
	"create:users", "delete:users", "read:users", "update:users",
	"read:branding", "update:branding",
	"read:email_templates", "update:email_templates",
	"read:email_provider",
	"read:flows", "read:forms", "read:flows_vault_connections",
	"read:connections", "update:connections",
	"read:client_keys", "read:logs", "read:tenant_settings",
	"read:custom_domains", "create:custom_domains", "update:custom_domains", "delete:custom_domains",
	"read:anomaly_blocks", "delete:anomaly_blocks",
	"create:log_streams", "delete:log_streams", "read:log_streams", "update:log_streams",
	"create:actions", "delete:actions", "read:actions", "update:actions",
	"create:organizations", "delete:organizations", "read:organizations", "update:organizations", "read:organization_members", "read:organization_member_roles", "read:organization_connections",
	"read:prompts", "update:prompts",
	"read:attack_protection", "update:attack_protection",
}

Functions ¶

This section is empty.

Types ¶

type ClientCredentials ¶ added in v0.13.1

type ClientCredentials struct {
	ClientID     string
	ClientSecret string
	Domain       string
}

ClientCredentials encapsulates all data to facilitate access token creation with client credentials (client ID and client secret).

type Credentials ¶ added in v1.0.0

type Credentials struct {
	Audience           string
	ClientID           string
	DeviceCodeEndpoint string
	OauthTokenEndpoint string
}

Credentials is used to facilitate the login process.

type Result ¶

type Result struct {
	Tenant       string
	Domain       string
	RefreshToken string
	AccessToken  string
	ExpiresAt    time.Time
}

func GetAccessTokenFromClientCreds ¶ added in v0.13.1

func GetAccessTokenFromClientCreds(ctx context.Context, args ClientCredentials) (Result, error)

GetAccessTokenFromClientCreds generates an access token from client credentials.

func WaitUntilUserLogsIn ¶ added in v1.0.0

func WaitUntilUserLogsIn(ctx context.Context, httpClient *http.Client, state State) (Result, error)

WaitUntilUserLogsIn waits until the user is logged in on the browser.

type State ¶

type State struct {
	DeviceCode      string `json:"device_code"`
	UserCode        string `json:"user_code"`
	VerificationURI string `json:"verification_uri_complete"`
	ExpiresIn       int    `json:"expires_in"`
	Interval        int    `json:"interval"`
}

func GetDeviceCode ¶ added in v1.0.0

func GetDeviceCode(ctx context.Context, httpClient *http.Client, additionalScopes []string, domain string) (State, error)

GetDeviceCode kicks-off the device authentication flow by requesting a device code from Auth0. The returned state contains the URI for the next step of the flow.

func (*State) IntervalDuration ¶

func (s *State) IntervalDuration() time.Duration

type TokenResponse ¶

type TokenResponse struct {
	AccessToken string `json:"access_token"`
	IDToken     string `json:"id_token"`
	TokenType   string `json:"token_type"`
	ExpiresIn   int    `json:"expires_in"`
}

func RefreshAccessToken ¶ added in v1.0.0

func RefreshAccessToken(httpClient *http.Client, tenant string) (TokenResponse, error)

RefreshAccessToken retrieves a new access token using a refresh token. This occurs when the access token has expired or is otherwise removed/inaccessible. The request uses Auth0's dedicated public cloud client for token exchange. This process will not work for Private Cloud tenants.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authutil
mock Package mock is a generated GoMock package.	Package mock is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL