auth

package
v0.13.1
Warning

This package is not in the latest version of its module.

Published: Dec 5, 2022 License: MIT Imports: 13 Imported by: 0

README

Auth package

The CLI authentication follows this approach:

  1. $ auth0 login uses Auth0 Device Flow to get an access token and a refresh token for the selected tenant.
  2. The access token is stored in the configuration file.
  3. The refresh token is stored in the OS keychain (supports macOS, Linux, and Windows thanks to https://github.com/zalando/go-keyring).
  4. During regular command initialization, the access token is used to instantiate an Auth0 API client.
     - If the token is expired according to the value stored in the configuration file, a new one is requested using the refresh token.
     - In case of any error, the interactive login flow is triggered.
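
The decision order in step 4, as an added example that is not the package's own code. The function name, the injected refresh and login callbacks, the tenant-keyed keychain entry and the sample tenant are assumptions made for illustration; only the "auth0-cli" namespace and the Get signature come from this page.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// secretGetter is the Get half of the package's SecretStore interface.
type secretGetter interface{ Get(namespace, key string) (string, error) }

// memStore is a constructed in-memory stand-in for the OS keychain.
type memStore map[string]string

func (m memStore) Get(namespace, key string) (string, error) {
	if v, ok := m[namespace+"/"+key]; ok {
		return v, nil
	}
	return "", errors.New("secret not found")
}

// resolveToken applies step 4. refresh and login are injected stand-ins for the
// token endpoint call and the interactive device flow (hypothetical names).
func resolveToken(now time.Time, tenant, cached string, expiresAt time.Time, s secretGetter,
	refresh func(refreshToken string) (string, error),
	login func() (string, error)) (token, source string, err error) {
	if cached != "" && now.Before(expiresAt) {
		return cached, "cache", nil // still valid per the configuration file
	}
	rt, err := s.Get("auth0-cli", tenant) // SecretsNamespace; keyed by tenant (assumed)
	if err == nil {
		if token, err = refresh(rt); err == nil {
			return token, "refresh", nil
		}
	}
	// Any failure (no keychain entry, rejected refresh token) falls through to login.
	if token, err = login(); err != nil {
		return "", "", fmt.Errorf("interactive login failed: %w", err)
	}
	return token, "login", nil
}

func main() {
	now := time.Now()
	store := memStore{"auth0-cli/example.us.auth0.com": "constructed-refresh-token"}
	refresh := func(rt string) (string, error) { return "new-access-token", nil }
	login := func() (string, error) { return "login-access-token", nil }
	fmt.Println(resolveToken(now, "example.us.auth0.com", "old", now.Add(-time.Minute), store, refresh, login))
}
```
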

Documentation

Constants

const (
	// SecretsNamespace is the namespace used to set/get values from the keychain.
	SecretsNamespace = "auth0-cli"
)

Variables

This section is empty.

Functions

func RequiredScopes added in v0.5.1

func RequiredScopes() []string

RequiredScopes returns the scopes used for login.

func RequiredScopesMin added in v0.8.1

func RequiredScopesMin() []string

RequiredScopesMin returns minimum scopes used for login in integration tests.

Types

type Authenticator

type Authenticator struct {
	Audience           string `env:"AUTH0_AUDIENCE,default=https://*.auth0.com/api/v2/"`
	ClientID           string `env:"AUTH0_CLIENT_ID,default=2iZo3Uczt5LFHacKdM0zzgUO2eG2uDjT"`
	DeviceCodeEndpoint string `env:"AUTH0_DEVICE_CODE_ENDPOINT,default=https://auth0.auth0.com/oauth/device/code"`
	OauthTokenEndpoint string `env:"AUTH0_OAUTH_TOKEN_ENDPOINT,default=https://auth0.auth0.com/oauth/token"`
}

Authenticator is used to facilitate the login process.

func New added in v0.11.10

func New() (*Authenticator, error)

New returns a new instance of Authenticator after decoding its parameters from env vars.

func (*Authenticator) Start

func (a *Authenticator) Start(ctx context.Context) (State, error)

Start kicks-off the device authentication flow by requesting a device code from Auth0. The returned state contains the URI for the next step of the flow.

func (*Authenticator) Wait

func (a *Authenticator) Wait(ctx context.Context, state State) (Result, error)

Wait waits until the user is logged in on the browser.

type ClientCredentials added in v0.13.1

type ClientCredentials struct {
	ClientID     string
	ClientSecret string
	Domain       string
}

ClientCredentials encapsulates all data to facilitate access token creation with client credentials (client ID and client secret).

type Keyring

type Keyring struct{}

func (*Keyring) Delete

func (k *Keyring) Delete(namespace, key string) error

Delete deletes a value for the given namespace and key.

func (*Keyring) Get

func (k *Keyring) Get(namespace, key string) (string, error)

Get gets a value for the given namespace and key.

func (*Keyring) Set

func (k *Keyring) Set(namespace, key, value string) error

Set sets the given key/value pair with the given namespace.

type Result

type Result struct {
	Tenant       string
	Domain       string
	RefreshToken string
	AccessToken  string
	ExpiresAt    time.Time
}

func GetAccessTokenFromClientCreds added in v0.13.1

func GetAccessTokenFromClientCreds(args ClientCredentials) (Result, error)

GetAccessTokenFromClientCreds generates an access token from client credentials.

type SecretStore

type SecretStore interface {
	// Get gets the secret
	Get(namespace, key string) (string, error)
	// Delete removes the secret
	Delete(namespace, key string) error
}

SecretStore provides access to stored sensitive data.

type State

type State struct {
	DeviceCode      string `json:"device_code"`
	UserCode        string `json:"user_code"`
	VerificationURI string `json:"verification_uri_complete"`
	ExpiresIn       int    `json:"expires_in"`
	Interval        int    `json:"interval"`
}

func (*State) IntervalDuration

func (s *State) IntervalDuration() time.Duration
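
How ExpiresIn and Interval typically drive the wait between Start and Wait, shown as an added example that follows the device-flow polling rules of RFC 8628 rather than this package's implementation. The State copy, waitForToken, and the injected poll and sleep callbacks are hypothetical names; the server replies are constructed.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// State holds the two fields of the package's State that drive polling.
type State struct {
	ExpiresIn int // seconds until the device code expires
	Interval  int // minimum seconds between polls
}

// waitForToken polls until approval, failure, expiry or ctx cancellation. poll stands in
// (hypothetically) for one token request and returns a token or an OAuth error code.
func waitForToken(ctx context.Context, s State, poll func() (token, errCode string),
	sleep func(time.Duration)) (string, error) {
	interval := time.Duration(s.Interval) * time.Second
	if interval <= 0 {
		interval = 5 * time.Second // RFC 8628 default when interval is omitted
	}
	budget := time.Duration(s.ExpiresIn) * time.Second
	for waited := time.Duration(0); waited < budget; {
		if err := ctx.Err(); err != nil {
			return "", err
		}
		sleep(interval)
		waited += interval
		switch token, code := poll(); code {
		case "":
			return token, nil
		case "authorization_pending": // user has not finished in the browser
		case "slow_down":
			interval += 5 * time.Second // back-off that applies to all later polls
		default: // access_denied, expired_token or unknown: stop polling
			return "", fmt.Errorf("device flow failed: %s", code)
		}
	}
	return "", fmt.Errorf("device code expired after %s", budget)
}

func main() {
	replies := []string{"authorization_pending", "slow_down", ""} // constructed replies
	i := -1
	poll := func() (string, string) { i++; return "constructed-token", replies[i] }
	fmt.Println(waitForToken(context.Background(), State{900, 5}, poll, func(time.Duration) {}))
}
```
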

type TokenResponse

type TokenResponse struct {
	AccessToken string `json:"access_token"`
	IDToken     string `json:"id_token"`
	TokenType   string `json:"token_type"`
	ExpiresIn   int    `json:"expires_in"`
}

type TokenRetriever

type TokenRetriever struct {
	Authenticator *Authenticator
	Secrets       SecretStore
	Client        *http.Client
}

func (*TokenRetriever) Delete

func (t *TokenRetriever) Delete(tenant string) error

Delete deletes the given tenant from the secrets storage.

func (*TokenRetriever) Refresh

func (t *TokenRetriever) Refresh(ctx context.Context, tenant string) (TokenResponse, error)

Refresh gets a new access token from the provided refresh token. The request uses the default client_id and endpoint for device authentication.

Directories

Path Synopsis
Package mock is a generated GoMock package.
