Documentation
Overview
Provides the setup required for the client to perform the "Authorization Code" flow with PKCE in order to obtain an access token for public/untrusted clients.
Index
- func BuildClientConfig(ctx context.Context, authMetadataClient service.AuthMetadataServiceClient) (clientConf *oauth2.Config, err error)
- type Config
- type SimpleTokenSource
- type TokenCache
- type TokenCacheInMemoryProvider
- type TokenOrchestrator
- func (f TokenOrchestrator) FetchTokenFromAuthFlow(ctx context.Context) (*oauth2.Token, error)
- func (f TokenOrchestrator) FetchTokenFromCacheOrRefreshIt(ctx context.Context) (token *oauth2.Token, err error)
- func (f TokenOrchestrator) RefreshToken(ctx context.Context, token *oauth2.Token) (*oauth2.Token, error)
Functions
func BuildClientConfig
func BuildClientConfig(ctx context.Context, authMetadataClient service.AuthMetadataServiceClient) (clientConf *oauth2.Config, err error)
BuildClientConfig builds OAuth2 config from information retrieved through the anonymous auth metadata service.
Types
type Config
type Config struct {
	BrowserSessionTimeout   config.Duration `json:"timeout"`
	TokenRefreshGracePeriod config.Duration `json:"refreshTime"`
}
Config defines settings used for PKCE flow.
type SimpleTokenSource
SimpleTokenSource defines a simple token source that caches a token in memory.
type TokenCache
type TokenCache interface {
	// SaveToken saves the token securely to cache.
	SaveToken(token *oauth2.Token) error
	// Retrieves the token from the cache.
	GetToken() (*oauth2.Token, error)
}
TokenCache defines the interface needed to cache and retrieve oauth tokens.
type TokenCacheInMemoryProvider
type TokenCacheInMemoryProvider struct {
// contains filtered or unexported fields
}
type TokenOrchestrator
type TokenOrchestrator struct {
// contains filtered or unexported fields
}
TokenOrchestrator implements the main logic to initiate the PKCE flow to issue an access token and a refresh token, and to refresh the access token if a refresh token is present.
func NewTokenOrchestrator
func NewTokenOrchestrator(ctx context.Context, cfg Config, tokenCache TokenCache, authMetadataClient service.AuthMetadataServiceClient) (TokenOrchestrator, error)
NewTokenOrchestrator creates a new TokenOrchestrator that implements the main logic to initiate the PKCE flow to issue an access token and a refresh token, and to refresh the access token if a refresh token is present.
func (TokenOrchestrator) FetchTokenFromAuthFlow
FetchTokenFromAuthFlow starts a webserver to listen to redirect callback from the authorization server at the end of the flow. It then launches the browser to authenticate the user.
func (TokenOrchestrator) FetchTokenFromCacheOrRefreshIt
func (f TokenOrchestrator) FetchTokenFromCacheOrRefreshIt(ctx context.Context) (token *oauth2.Token, err error)
FetchTokenFromCacheOrRefreshIt fetches the token from cache and refreshes it if it'll expire within the Config.TokenRefreshGracePeriod period.
func (TokenOrchestrator) RefreshToken
func (f TokenOrchestrator) RefreshToken(ctx context.Context, token *oauth2.Token) (*oauth2.Token, error)
RefreshToken attempts to refresh the access token if a refresh token is provided.