oauthutil

package
v1.69.0

This package is not in the latest version of its module.
Published: Jan 12, 2025 License: MIT Imports: 23 Imported by: 63

Documentation

Overview

Package oauthutil provides OAuth utilities.

Constants

const (
	// TitleBarRedirectURL is the OAuth2 redirect URL to use when the authorization
	// code should be returned in the title bar of the browser, with the page text
	// prompting the user to copy the code and paste it in the application.
	TitleBarRedirectURL = "urn:ietf:wg:oauth:2.0:oob"

	// RedirectURL is redirect to local webserver when active
	RedirectURL = "http://" + bindAddress + "/"

	// RedirectPublicURL is redirect to local webserver when active with public name
	RedirectPublicURL = "http://localhost.rclone.org:" + bindPort + "/"

	// RedirectLocalhostURL is redirect to local webserver when active with localhost
	RedirectLocalhostURL = "http://localhost:" + bindPort + "/"

	// RedirectPublicSecureURL is a public https URL which
	// redirects to the local webserver
	RedirectPublicSecureURL = "https://oauth.rclone.org/"

	// DefaultAuthResponseTemplate is the default template used in the authorization webserver
	DefaultAuthResponseTemplate = `` /* 584-byte string literal not displayed */

)

Variables

var OpenURL = open.Start

OpenURL is used when rclone wants to open a browser window for user authentication. It defaults to something which should work for most uses, but may be overridden.

var SharedOptions = []fs.Option{{
	Name:      config.ConfigClientID,
	Help:      "OAuth Client Id.\n\nLeave blank normally.",
	Sensitive: true,
}, {
	Name:      config.ConfigClientSecret,
	Help:      "OAuth Client Secret.\n\nLeave blank normally.",
	Sensitive: true,
}, {
	Name:      config.ConfigToken,
	Help:      "OAuth Access Token as a JSON blob.",
	Advanced:  true,
	Sensitive: true,
}, {
	Name:     config.ConfigAuthURL,
	Help:     "Auth server URL.\n\nLeave blank to use the provider defaults.",
	Advanced: true,
}, {
	Name:     config.ConfigTokenURL,
	Help:     "Token server url.\n\nLeave blank to use the provider defaults.",
	Advanced: true,
}, {
	Name:     config.ConfigClientCredentials,
	Default:  false,
	Help:     "Use client credentials OAuth flow.\n\nThis will use the OAUTH2 client Credentials Flow as described in RFC 6749.",
	Advanced: true,
}}

SharedOptions are shared between backends that utilize an OAuth flow.

Functions

func ConfigOAuth added in v1.56.0

func ConfigOAuth(ctx context.Context, name string, m configmap.Mapper, ri *fs.RegInfo, in fs.ConfigIn) (*fs.ConfigOut, error)

ConfigOAuth does the oauth config specified in the config block

This is called with a state which has pushed on it:

	state prefixed with "*oauth"
	state for oauth to return to
	state that returned the OAuth when we wish to recall it
	value that returned the OAuth

func ConfigOut added in v1.56.0

func ConfigOut(state string, oAuth *Options) (*fs.ConfigOut, error)

ConfigOut returns a config item suitable for the backend config

state is the place to return the config to.
oAuth is the config to run the oauth with.

func Context

func Context(ctx context.Context, client *http.Client) context.Context

Context returns a context with our HTTP Client baked in for oauth2

func GetToken

func GetToken(name string, m configmap.Mapper) (*oauth2.Token, error)

GetToken returns the token saved in the config file under section name.

func PutToken

func PutToken(name string, m configmap.Mapper, token *oauth2.Token, newSection bool) error

PutToken stores the token in the config file

This saves the config file if it changes

Types

type AuthResult added in v1.50.0

type AuthResult struct {
	OK          bool // Failure or Success?
	Name        string
	Description string
	Code        string
	HelpURL     string
	Form        url.Values // the complete contents of the form
	Err         error      // any underlying error to report
}

AuthResult is returned from the web server after authorization success or failure

func (*AuthResult) Error added in v1.50.0

func (ar *AuthResult) Error() string

Error satisfies the error interface so AuthResult can be used as an error

type CheckAuthFn added in v1.50.0

type CheckAuthFn func(*Config, *AuthResult) error

CheckAuthFn is called when a good Auth has been received

type Config

type Config struct {
	ClientID             string
	ClientSecret         string
	TokenURL             string
	AuthURL              string
	Scopes               []string
	EndpointParams       url.Values
	RedirectURL          string
	ClientCredentialFlow bool
	AuthStyle            oauth2.AuthStyle
}

Config - structure that we will use to store the OAuth configuration settings. This is based on the union of the configuration structures for the two OAuth modules that we are using (oauth2 and oauth2/clientcredentials), along with a flag indicating if we are going to use the client credential flow.

func OverrideCredentials added in v1.69.0

func OverrideCredentials(name string, m configmap.Mapper, origConfig *Config) (newConfig *Config, changed bool)

OverrideCredentials sets the ClientID and ClientSecret from the config file if they are not blank. If any value is overridden, true is returned. The origConfig is copied.

func (*Config) MakeClientCredentialsConfig added in v1.69.0

func (conf *Config) MakeClientCredentialsConfig() *clientcredentials.Config

MakeClientCredentialsConfig makes a clientcredentials.Config from our config

func (*Config) MakeOauth2Config added in v1.69.0

func (conf *Config) MakeOauth2Config() *oauth2.Config

MakeOauth2Config makes an oauth2.Config from our config

type Options added in v1.52.0

type Options struct {
	OAuth2Config *Config                 // Basic config for oauth2
	NoOffline    bool                    // If set then "access_type=offline" parameter is not passed
	CheckAuth    CheckAuthFn             // When the AuthResult is known the checkAuth function is called if set
	OAuth2Opts   []oauth2.AuthCodeOption // extra oauth2 options
	StateBlankOK bool                    // If set, state returned as "" is deemed to be OK
}

Options for the oauth config
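
Added example, not part of the rclone source: the state value echoed back on the OAuth2 redirect is what binds the returned code to the request this client started, and StateBlankOK relaxes that check for a blank value. The sketch models the check with hypothetical helpers newState and checkState; their names, the constant-time comparison and the rule that a non-blank mismatch is always rejected are assumptions, and the redirect forms are constructed samples in the shape of AuthResult.Form.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
)

// newState returns a random value to send as the state parameter (hypothetical helper).
func newState() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// checkState validates the state echoed on the redirect (hypothetical helper, assumed model).
// form stands in for AuthResult.Form and stateBlankOK for Options.StateBlankOK.
func checkState(form url.Values, want string, stateBlankOK bool) error {
	got := form.Get("state")
	if got == "" {
		if stateBlankOK {
			return nil // accepted, but the redirect is no longer bound to our request
		}
		return errors.New("state missing from redirect")
	}
	if subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
		return errors.New("state mismatch")
	}
	return nil
}

func main() {
	want, err := newState()
	if err != nil {
		panic(err)
	}
	good := url.Values{"code": {"sample-code"}, "state": {want}} // constructed sample forms
	other := url.Values{"code": {"sample-code"}, "state": {"from-another-session"}}
	blank := url.Values{"code": {"sample-code"}}
	fmt.Println("match:", checkState(good, want, false))
	fmt.Println("mismatch, StateBlankOK set:", checkState(other, want, true))
	fmt.Println("blank, strict:", checkState(blank, want, false))
	fmt.Println("blank, StateBlankOK set:", checkState(blank, want, true))
}
```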

type Renew

type Renew struct {
	// contains filtered or unexported fields
}

Renew allows tokens to be renewed on expiry if uploads are in progress.

func NewRenew

func NewRenew(name string, ts *TokenSource, run func() error) *Renew

NewRenew creates a new Renew struct and starts a background process which renews the token whenever it expires. It uses the run() call to run a transaction to do this.

It will only renew the token if the number of uploads > 0

func (*Renew) Expire added in v1.59.0

func (r *Renew) Expire() error

Expire expires the token source

func (*Renew) Invalidate

func (r *Renew) Invalidate()

Invalidate invalidates the token source

func (*Renew) Shutdown added in v1.66.0

func (r *Renew) Shutdown()

Shutdown stops the timer and no more renewal will take place.

func (*Renew) Start

func (r *Renew) Start()

Start should be called before starting an upload

func (*Renew) Stop

func (r *Renew) Stop()

Stop should be called after finishing an upload

type TokenSource

type TokenSource struct {
	// contains filtered or unexported fields
}

TokenSource stores updated tokens in the config file

func NewClient

func NewClient(ctx context.Context, name string, m configmap.Mapper, oauthConfig *Config) (*http.Client, *TokenSource, error)

NewClient gets a token from the config file and configures a Client with it. It returns the client and a TokenSource which Invalidate may need to be called on

func NewClientCredentialsClient added in v1.69.0

func NewClientCredentialsClient(ctx context.Context, name string, m configmap.Mapper, oauthConfig *Config, baseClient *http.Client) (*http.Client, *TokenSource, error)

NewClientCredentialsClient creates a new OAuth module using the ClientCredential flow

func NewClientWithBaseClient

func NewClientWithBaseClient(ctx context.Context, name string, m configmap.Mapper, config *Config, baseClient *http.Client) (*http.Client, *TokenSource, error)

NewClientWithBaseClient gets a token from the config file and configures a Client with it. It returns the client and a TokenSource which Invalidate may need to be called on. It uses the httpClient passed in as the base client.

func (*TokenSource) Expire added in v1.59.0

func (ts *TokenSource) Expire() error

Expire marks the token as expired

This also marks the token in the config file as expired, if it is the same one

func (*TokenSource) Invalidate

func (ts *TokenSource) Invalidate()

Invalidate invalidates the token

func (*TokenSource) OnExpiry

func (ts *TokenSource) OnExpiry() <-chan time.Time

OnExpiry returns a channel which has the time written to it when the token expires. Note that there is only one channel, so if attaching multiple goroutines it will only signal to one of them.
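
Added example, not part of the rclone source: the single-channel caveat above, modelled with a plain unbuffered Go channel standing in for the one OnExpiry returns (an assumption about shape, not rclone's internals). sharedChannelWakeups and fanOutWakeups are hypothetical names; the first shows that one expiry reaches one waiter only, the second shows one goroutine owning the channel and broadcasting to the rest.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// sharedChannelWakeups: n goroutines all receive from the one expiry channel
// (assumed model of OnExpiry). Returns how many of them saw the single expiry.
func sharedChannelWakeups(n int) int {
	expiry, done := make(chan time.Time), make(chan struct{})
	var wg sync.WaitGroup
	var woken int64
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			select {
			case <-expiry:
				atomic.AddInt64(&woken, 1)
			case <-done: // released without ever seeing the expiry
			}
		}()
	}
	expiry <- time.Now() // delivered to exactly one receiver
	close(done)
	wg.Wait()
	return int(atomic.LoadInt64(&woken))
}

// fanOutWakeups: a single goroutine owns the expiry channel and broadcasts
// by closing a second channel, which every waiter observes.
func fanOutWakeups(n int) int {
	expiry, expired := make(chan time.Time), make(chan struct{})
	go func() { <-expiry; close(expired) }()
	var wg sync.WaitGroup
	var woken int64
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() { defer wg.Done(); <-expired; atomic.AddInt64(&woken, 1) }()
	}
	expiry <- time.Now()
	wg.Wait()
	return int(atomic.LoadInt64(&woken))
}

func main() { fmt.Println(sharedChannelWakeups(4), fanOutWakeups(4)) }
```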

func (*TokenSource) Token

func (ts *TokenSource) Token() (*oauth2.Token, error)

Token returns a token or an error. Token must be safe for concurrent use by multiple goroutines. The returned Token must not be modified.

This saves the token in the config file if it has changed
