clitoken

package
v1.0.0-beta.4
Published: Dec 10, 2024 License: BSD-3-Clause Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BestCredentialCache

func BestCredentialCache() tokencache.CredentialCache

BestCredentialCache returns the most preferred available credential client for the platform and environment.

Types

type CommandOpener

type CommandOpener struct {
	CommandName string
}

CommandOpener opens a URL by executing a command with the URL as its first argument. CommandOpener works well with macOS's `open` command.

func (*CommandOpener) Open

func (o *CommandOpener) Open(ctx context.Context, url string) error

type Config

type Config struct {
	// OAuth2Config is the configuration for the provider. Required.
	OAuth2Config oauth2.Config

	// Opener is used to launch the users browser in to the auth flow. If not
	// set, an appropriate opener for the platform will be automatically
	// configured.
	Opener Opener

	// PortLow is used with PortHigh to specify the port range of the local
	// server. If not set, Go's default port allocation is used. Both PortLow
	// and PortHigh must be specified.
	PortLow uint16
	// PortHigh sets the upper range of ports used to configure the local
	// server, if PortLow is set.
	PortHigh uint16

	// Renderer is used to render the callback page in the users browser, on
	// completion of the auth flow. Defaults to a basic UI
	Renderer Renderer

	// AuthCodeOptions are used to provide additional options to the auth code
	// URL when starting the flow. The code challenge/PKCE option should not be
	// set here, it will be managed dynamically.
	AuthCodeOptions []oauth2.AuthCodeOption
	// SkipPKCE disables the use of PKCE/Code challenge. This should only be
	// used if problems are experienced with it, with consideration to the
	// security implications.
	SkipPKCE bool
}

Config configures a CLI local token source. This is used to implement the 3-legged oauth2 flow for local/CLI applications, where the callback is a dynamic server listening on localhost.
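The PKCE step that Config manages on the client's behalf (unless SkipPKCE is set) is small enough to show end to end. The block below is an added, stand-alone example written for this page; it is not code from this package or from golang.org/x/oauth2, and its function names are its own. It generates a code_verifier, derives the S256 code_challenge that goes into the authorization URL, and performs the comparison the token endpoint makes when the verifier is later presented with the authorization code.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// NewCodeVerifier returns a fresh PKCE code_verifier: 32 random bytes,
// base64url-encoded without padding, giving a 43-character string made only
// of unreserved characters, which satisfies RFC 7636's 43..128 length rule.
func NewCodeVerifier() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// S256Challenge derives the code_challenge sent in the authorization URL:
// BASE64URL(SHA256(ASCII(code_verifier))), no padding.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyChallenge is the token endpoint's side of the exchange: recompute the
// challenge from the presented verifier and compare it in constant time with
// the challenge that was bound to the authorization code. An attacker who only
// intercepted the code (e.g. via the loopback redirect) cannot produce the
// verifier, so the code is useless to them.
func VerifyChallenge(challenge, verifier string) bool {
	want := S256Challenge(verifier)
	return subtle.ConstantTimeCompare([]byte(want), []byte(challenge)) == 1
}

// AuthorizeParams returns the query parameters a client adds to the auth code
// URL for PKCE. These are the values a Config-managed flow supplies itself,
// which is why the page says not to put them in AuthCodeOptions.
func AuthorizeParams(verifier string) map[string]string {
	return map[string]string{
		"code_challenge":        S256Challenge(verifier),
		"code_challenge_method": "S256",
	}
}

func main() {
	verifier, err := NewCodeVerifier()
	if err != nil {
		panic(err)
	}
	fmt.Println("verifier:", verifier)
	fmt.Println("params:  ", AuthorizeParams(verifier))
	fmt.Println("valid:   ", VerifyChallenge(S256Challenge(verifier), verifier))
}
```

The verifier is kept in process memory only for the duration of one flow; it is never written to the cache, since it has no value once the code has been redeemed.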

func (*Config) TokenSource

func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error)

TokenSource creates a token source that command line (CLI) programs can use to fetch tokens from an OAuth2/OIDC Provider for use in authenticating clients to other systems (e.g., Kubernetes clusters, Docker registries, etc.). The client should be configured with any scopes or auth code options that are required.

TokenSource runs the full browser flow on every call to Token; in practice, store the result in a tokencache.CredentialCache (see BestCredentialCache) and fall back to this source only on a cache miss. The resulting tokens are not verified; the caller should verify them if desired.

Example:

ctx := context.TODO()

provider, err := oidc.DiscoverProvider(ctx, issuer)
if err != nil {
    // handle err
}

cfg := Config{
    OAuth2Config: oauth2.Config{
        ClientID:     clientID,
        ClientSecret: clientSecret,
        Endpoint:     provider.Endpoint(),
        Scopes:       []string{oidc.ScopeOpenID},
    }, // trailing comma is required in a multi-line composite literal
}

ts, err := cfg.TokenSource(ctx)
if err != nil {
    // handle err
}

token, err := ts.Token()
if err != nil {
    // handle error
}

// use token

type EchoOpener

type EchoOpener struct{}

EchoOpener opens a URL by printing it to the console for the user to manually click on. It is used as a last resort.

func (*EchoOpener) Open

func (o *EchoOpener) Open(ctx context.Context, url string) error

type EncryptedFileCredentialCache

type EncryptedFileCredentialCache struct {
	// Dir is the path where encrypted cache files will be stored.
	// If empty, defaults to an "oidc-cache" directory under os.UserCacheDir().
	Dir string

	// PassphrasePromptFunc is a function that prompts the user to enter a
	// passphrase used to encrypt and decrypt a file.
	PassphrasePromptFunc
}

func (*EncryptedFileCredentialCache) Available

func (e *EncryptedFileCredentialCache) Available() bool

func (*EncryptedFileCredentialCache) Get

func (e *EncryptedFileCredentialCache) Get(issuer, key string) (*oauth2.Token, error)

func (*EncryptedFileCredentialCache) Set

func (e *EncryptedFileCredentialCache) Set(issuer, key string, token *oauth2.Token) error
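What a passphrase-encrypted file cache has to get right is easier to see in code than to describe. The block below is an added example written for this page, not the package's EncryptedFileCredentialCache: it stores the token's JSON bytes rather than an *oauth2.Token, requires Dir to already exist, derives the key with a PBKDF2-HMAC-SHA256 written against the standard library, and the file layout, names and iteration count are the example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"os"
	"path/filepath"
)

// EncryptedFileCache is an added illustration, not the package's own type: one
// AES-256-GCM file per (issuer, key) under Dir, keyed by a passphrase run
// through PBKDF2-HMAC-SHA256 with a fresh salt on every write.
type EncryptedFileCache struct {
	Dir    string
	Prompt func(prompt string) (passphrase string, err error)
}

// File layout: salt (16) | nonce (12) | GCM ciphertext and tag.
// 600,000 iterations is the OWASP recommendation for PBKDF2-HMAC-SHA256.
const saltLen, nonceLen, kdfIters = 16, 12, 600_000

// pbkdf2SHA256 is RFC 8018 PBKDF2 with HMAC-SHA256 for a single 32-byte block,
// exactly one AES-256 key, using only the standard library.
func pbkdf2SHA256(pass, salt []byte, iters int) []byte {
	prf := hmac.New(sha256.New, pass)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := prf.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func newAEAD(pass string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(pass), salt, kdfIters))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// path hashes issuer and key so neither reaches the file name (no traversal via key, no issuer URL on disk).
func (c *EncryptedFileCache) path(issuer, key string) string {
	h := sha256.Sum256([]byte(issuer + "\x00" + key))
	return filepath.Join(c.Dir, hex.EncodeToString(h[:8])+".enc")
}

// Set encrypts tokenJSON under the prompted passphrase and writes it mode 0600.
func (c *EncryptedFileCache) Set(issuer, key string, tokenJSON []byte) error {
	pass, err := c.Prompt("Passphrase to encrypt the cached token: ")
	if err != nil {
		return err
	}
	hdr := make([]byte, saltLen+nonceLen) // fresh salt and nonce per write
	if _, err := rand.Read(hdr); err != nil {
		return err
	}
	aead, err := newAEAD(pass, hdr[:saltLen])
	if err != nil {
		return err
	}
	// issuer and key are bound as associated data: a file copied between entries does not open.
	ct := aead.Seal(nil, hdr[saltLen:], tokenJSON, []byte(issuer+"\x00"+key))
	return os.WriteFile(c.path(issuer, key), append(hdr, ct...), 0o600)
}

// Get returns (nil, nil) on a miss and an error for a wrong passphrase or a tampered file.
func (c *EncryptedFileCache) Get(issuer, key string) ([]byte, error) {
	blob, err := os.ReadFile(c.path(issuer, key))
	if errors.Is(err, os.ErrNotExist) {
		return nil, nil
	} else if err != nil {
		return nil, err
	} else if len(blob) < saltLen+nonceLen {
		return nil, errors.New("cache file too short")
	}
	pass, err := c.Prompt("Passphrase to decrypt the cached token: ")
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(pass, blob[:saltLen])
	if err != nil {
		return nil, err
	}
	plain, err := aead.Open(nil, blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:], []byte(issuer+"\x00"+key))
	if err != nil {
		return nil, errors.New("wrong passphrase or corrupted cache file")
	}
	return plain, nil
}
```

Each Get prompts again, which is exactly the cost MemoryWriteThroughCredentialCache exists to hide within a single process. Note the distinction between a miss (a nil token, so the caller starts the auth flow) and a failed decryption (an error, so a wrong passphrase never silently triggers a fresh login and overwrites the cache).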

type KeychainCLICredentialCache

type KeychainCLICredentialCache struct{}

KeychainCLICredentialCache uses /usr/bin/security to store items in the macOS keychain. This is flexible and doesn't require CGO; however, any other process that can run that command as the user can read the items back the same way, so the keychain provides no isolation between programs running as that user.

func (*KeychainCLICredentialCache) Available

func (k *KeychainCLICredentialCache) Available() bool

func (*KeychainCLICredentialCache) Get

func (k *KeychainCLICredentialCache) Get(issuer, key string) (*oauth2.Token, error)

func (*KeychainCLICredentialCache) Set

func (k *KeychainCLICredentialCache) Set(issuer, key string, token *oauth2.Token) error

type MemoryWriteThroughCredentialCache

type MemoryWriteThroughCredentialCache struct {
	tokencache.CredentialCache
	// contains filtered or unexported fields
}

MemoryWriteThroughCredentialCache is a write-through cache for another underlying CredentialCache. If a credential has been previously requested from the underlying store, it is read from memory the next time it is requested.

MemoryWriteThroughCredentialCache is useful when the underlying store requires user input (e.g., a passphrase) or is otherwise expensive.
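The write-through pattern described above, as an added example written for this page rather than the package's own implementation. The CredentialCache interface is assumed to have the Available/Get/Set shape the types on this page expose, a small Token stands in for *oauth2.Token, and PromptingStore is a constructed stand-in for an expensive backing store that counts its reads so the effect of the cache is observable.

```go
package main

import (
	"fmt"
	"sync"
)

// Token stands in for *oauth2.Token; nothing outside the standard library is needed.
type Token struct {
	AccessToken string
}

// CredentialCache mirrors the method set of the caches on this page; the real
// interface lives in the tokencache package and is assumed to have this shape.
type CredentialCache interface {
	Available() bool
	Get(issuer, key string) (*Token, error)
	Set(issuer, key string, token *Token) error
}

// PromptingStore is a constructed stand-in for a store that would prompt for a
// passphrase on every access. Reads counts how often it was consulted.
type PromptingStore struct {
	Reads int
	items map[string]*Token
}

func cacheKey(issuer, key string) string { return issuer + "\x00" + key }

func (p *PromptingStore) Available() bool { return true }

func (p *PromptingStore) Get(issuer, key string) (*Token, error) {
	p.Reads++ // a real store would prompt the user here
	return p.items[cacheKey(issuer, key)], nil
}

func (p *PromptingStore) Set(issuer, key string, token *Token) error {
	if p.items == nil {
		p.items = map[string]*Token{}
	}
	p.items[cacheKey(issuer, key)] = token
	return nil
}

// WriteThroughCache serves repeat reads from memory while every Set still
// reaches the underlying store, so a later process finds the token. Misses are
// deliberately not memoised, since another process may write the entry later.
type WriteThroughCache struct {
	CredentialCache // Available() is delegated via embedding
	mu              sync.Mutex
	mem             map[string]*Token
}

func (c *WriteThroughCache) remember(issuer, key string, t *Token) {
	if c.mem == nil {
		c.mem = map[string]*Token{}
	}
	c.mem[cacheKey(issuer, key)] = t
}

func (c *WriteThroughCache) Get(issuer, key string) (*Token, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if t, ok := c.mem[cacheKey(issuer, key)]; ok {
		return t, nil
	}
	t, err := c.CredentialCache.Get(issuer, key)
	if err != nil {
		return nil, err
	}
	if t != nil {
		c.remember(issuer, key, t)
	}
	return t, nil
}

func (c *WriteThroughCache) Set(issuer, key string, token *Token) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	if err := c.CredentialCache.Set(issuer, key, token); err != nil {
		return err // never keep in memory what the durable store rejected
	}
	c.remember(issuer, key, token)
	return nil
}

func main() {
	store := &PromptingStore{}
	cache := &WriteThroughCache{CredentialCache: store}
	_ = cache.Set("https://issuer.example", "kubectl", &Token{AccessToken: "abc"})
	for i := 0; i < 3; i++ {
		tok, _ := cache.Get("https://issuer.example", "kubectl")
		fmt.Println(tok.AccessToken)
	}
	fmt.Println("underlying reads:", store.Reads) // 0: Set already populated memory
}
```

The memory copy lives only as long as the process, which is the point: the user is prompted at most once per CLI invocation, and nothing is stored in a weaker place than the underlying store already is.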

func (*MemoryWriteThroughCredentialCache) Available

func (c *MemoryWriteThroughCredentialCache) Available() bool

func (*MemoryWriteThroughCredentialCache) Get

func (c *MemoryWriteThroughCredentialCache) Get(issuer, key string) (*oauth2.Token, error)

func (*MemoryWriteThroughCredentialCache) Set

func (c *MemoryWriteThroughCredentialCache) Set(issuer, key string, token *oauth2.Token) error

type NullCredentialCache

type NullCredentialCache struct{}

NullCredentialCache will not cache tokens. Use it to opt out of caching.

func (*NullCredentialCache) Available

func (c *NullCredentialCache) Available() bool

func (*NullCredentialCache) Get

func (c *NullCredentialCache) Get(issuer, key string) (*oauth2.Token, error)

func (*NullCredentialCache) Set

func (c *NullCredentialCache) Set(issuer, key string, token *oauth2.Token) error

type Opener

type Opener interface {
	// Open opens the provided URL in the user's browser
	Open(ctx context.Context, url string) error
}

func DetectOpener

func DetectOpener() Opener

DetectOpener attempts to find the best opener for a user's system. If there is no best opener for the system, it defaults to an opener that prints the URL to the console so the user can click on it.

type PassphrasePromptFunc

type PassphrasePromptFunc func(prompt string) (passphrase string, err error)

type Renderer

type Renderer interface {
	RenderLocalTokenSourceTokenIssued(w io.Writer) error
	RenderLocalTokenSourceError(w io.Writer, message string) error
}
