auth

package
v1.1.0
Warning

This package is not in the latest version of its module.

Published: Sep 15, 2023 License: MIT Imports: 12 Imported by: 0

README

Auth package

The CLI authentication follows this approach:

  1. $ auth0 login uses Auth0 Device Flow to get an access token and a refresh token for the selected tenant.
  2. The access token is stored in the configuration file.
  3. The refresh token is stored in the OS keychain (supports macOS, Linux, and Windows thanks to https://github.com/zalando/go-keyring).
  4. During regular command initialization, the access token is used to instantiate an Auth0 API client.
     - If the token is expired according to the value stored in the configuration file, a new one is requested using the refresh token.
     - In case of any error, the interactive login flow is triggered.
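
The decision logic of step 4, as an added example that is not the auth0 CLI's own code. The names `session`, `tokenSource` and `ensure`, and the `leeway` margin, are hypothetical; the refresh and login calls are injected as functions so the sketch runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// session is a hypothetical stand-in for what the README says is persisted in
// the config file: the access token and its expiry. Not the package's own type.
type session struct {
	AccessToken string
	ExpiresAt   time.Time
}

// tokenSource wires the two recovery paths from step 4 as injectable funcs.
type tokenSource struct {
	refresh func() (session, error) // refresh-token exchange (keychain-backed)
	login   func() (session, error) // interactive device-flow login
	leeway  time.Duration           // assumption: treat near-expiry as expired
}

// ensure returns a usable session and the path that produced it.
func (ts tokenSource) ensure(now time.Time, cur session) (session, string, error) {
	if cur.AccessToken != "" && now.Add(ts.leeway).Before(cur.ExpiresAt) {
		return cur, "cached", nil
	}
	// Expired or missing: try the refresh token; an empty token counts as failure.
	if s, err := ts.refresh(); err == nil && s.AccessToken != "" {
		return s, "refreshed", nil
	}
	// Any refresh error falls through to interactive login, as the README states.
	s, err := ts.login()
	if err != nil {
		return session{}, "", fmt.Errorf("interactive login: %w", err)
	}
	return s, "login", nil
}

func main() {
	now := time.Now()
	ts := tokenSource{ // constructed scenario: refresh fails, login succeeds
		refresh: func() (session, error) { return session{}, errors.New("keychain entry missing") },
		login: func() (session, error) {
			return session{AccessToken: "constructed-token", ExpiresAt: now.Add(time.Hour)}, nil
		},
		leeway: 30 * time.Second,
	}
	_, path, err := ts.ensure(now, session{AccessToken: "stale", ExpiresAt: now.Add(-time.Minute)})
	fmt.Println(path, err)
}
```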

Documentation


Constants

This section is empty.

Variables

var RequiredScopes = []string{
	"openid",
	"offline_access",
	"create:clients", "delete:clients", "read:clients", "update:clients",
	"read:client_grants",
	"create:resource_servers", "delete:resource_servers", "read:resource_servers", "update:resource_servers",
	"create:roles", "delete:roles", "read:roles", "update:roles",
	"create:rules", "delete:rules", "read:rules", "update:rules",
	"create:users", "delete:users", "read:users", "update:users",
	"read:branding", "update:branding",
	"read:email_templates", "update:email_templates",
	"read:connections", "update:connections",
	"read:client_keys", "read:logs", "read:tenant_settings",
	"read:custom_domains", "create:custom_domains", "update:custom_domains", "delete:custom_domains",
	"read:anomaly_blocks", "delete:anomaly_blocks",
	"create:log_streams", "delete:log_streams", "read:log_streams", "update:log_streams",
	"create:actions", "delete:actions", "read:actions", "update:actions",
	"create:organizations", "delete:organizations", "read:organizations", "update:organizations", "read:organization_members", "read:organization_member_roles", "read:organization_connections",
	"read:prompts", "update:prompts",
	"read:attack_protection", "update:attack_protection",
}

Functions

func RequiredScopesForClientCreds added in v1.0.0

func RequiredScopesForClientCreds() []string

RequiredScopesForClientCreds returns minimum scopes required when authenticating with client credentials.

Types

type ClientCredentials added in v0.13.1

type ClientCredentials struct {
	ClientID     string
	ClientSecret string
	Domain       string
}

ClientCredentials encapsulates all data to facilitate access token creation with client credentials (client ID and client secret).

type Credentials added in v1.0.0

type Credentials struct {
	Audience           string
	ClientID           string
	DeviceCodeEndpoint string
	OauthTokenEndpoint string
}

Credentials is used to facilitate the login process.

type Result

type Result struct {
	Tenant       string
	Domain       string
	RefreshToken string
	AccessToken  string
	ExpiresAt    time.Time
}

func GetAccessTokenFromClientCreds added in v0.13.1

func GetAccessTokenFromClientCreds(ctx context.Context, args ClientCredentials) (Result, error)

GetAccessTokenFromClientCreds generates an access token from client credentials.

func WaitUntilUserLogsIn added in v1.0.0

func WaitUntilUserLogsIn(ctx context.Context, httpClient *http.Client, state State) (Result, error)

WaitUntilUserLogsIn waits until the user is logged in on the browser.

type State

type State struct {
	DeviceCode      string `json:"device_code"`
	UserCode        string `json:"user_code"`
	VerificationURI string `json:"verification_uri_complete"`
	ExpiresIn       int    `json:"expires_in"`
	Interval        int    `json:"interval"`
}

func GetDeviceCode added in v1.0.0

func GetDeviceCode(ctx context.Context, httpClient *http.Client, additionalScopes []string) (State, error)

GetDeviceCode kicks off the device authentication flow by requesting a device code from Auth0. The returned state contains the URI for the next step of the flow.

func (*State) IntervalDuration

func (s *State) IntervalDuration() time.Duration

type TokenResponse

type TokenResponse struct {
	AccessToken string `json:"access_token"`
	IDToken     string `json:"id_token"`
	TokenType   string `json:"token_type"`
	ExpiresIn   int    `json:"expires_in"`
}

func RefreshAccessToken added in v1.0.0

func RefreshAccessToken(httpClient *http.Client, tenant string) (TokenResponse, error)

RefreshAccessToken retrieves a new access token using a refresh token. This occurs when the access token has expired or is otherwise removed/inaccessible. The request uses Auth0's dedicated public cloud client for token exchange. This process will not work for Private Cloud tenants.

Directories

Path Synopsis
Package mock is a generated GoMock package.
