Documentation ¶
Overview ¶
Package oauthutil provides OAuth utilities.
Index ¶
- Constants
- Variables
- func ConfigOAuth(ctx context.Context, name string, m configmap.Mapper, ri *fs.RegInfo, ...) (*fs.ConfigOut, error)
- func ConfigOut(state string, oAuth *Options) (*fs.ConfigOut, error)
- func Context(ctx context.Context, client *http.Client) context.Context
- func GetToken(name string, m configmap.Mapper) (*oauth2.Token, error)
- func PutToken(name string, m configmap.Mapper, token *oauth2.Token, newSection bool) error
- type AuthResult
- type CheckAuthFn
- type Config
- type Options
- type Renew
- type TokenSource
- func NewClient(ctx context.Context, name string, m configmap.Mapper, oauthConfig *Config) (*http.Client, *TokenSource, error)
- func NewClientCredentialsClient(ctx context.Context, name string, m configmap.Mapper, oauthConfig *Config, ...) (*http.Client, *TokenSource, error)
- func NewClientWithBaseClient(ctx context.Context, name string, m configmap.Mapper, config *Config, ...) (*http.Client, *TokenSource, error)
Constants ¶
const ( // TitleBarRedirectURL is the OAuth2 redirect URL to use when the authorization // code should be returned in the title bar of the browser, with the page text // prompting the user to copy the code and paste it in the application. TitleBarRedirectURL = "urn:ietf:wg:oauth:2.0:oob" // RedirectURL is redirect to local webserver when active RedirectURL = "http://" + bindAddress + "/" // RedirectPublicURL is redirect to local webserver when active with public name RedirectPublicURL = "http://localhost.rclone.org:" + bindPort + "/" // RedirectLocalhostURL is redirect to local webserver when active with localhost RedirectLocalhostURL = "http://localhost:" + bindPort + "/" // RedirectPublicSecureURL is a public https URL which // redirects to the local webserver RedirectPublicSecureURL = "https://oauth.rclone.org/" // DefaultAuthResponseTemplate is the default template used in the authorization webserver DefaultAuthResponseTemplate = `` /* 584-byte string literal not displayed */ )
Variables ¶
var OpenURL = open.Start
OpenURL is used when rclone wants to open a browser window for user authentication. It defaults to something which should work for most uses, but may be overridden.
config.ConfigClientID, Help: "OAuth Client Id.\n\nLeave blank normally.", Sensitive: true, }, { Name: config.ConfigClientSecret, Help: "OAuth Client Secret.\n\nLeave blank normally.", Sensitive: true, }, { Name: config.ConfigToken, Help: "OAuth Access Token as a JSON blob.", Advanced: true, Sensitive: true, }, { Name: config.ConfigAuthURL, Help: "Auth server URL.\n\nLeave blank to use the provider defaults.", Advanced: true, }, { Name: config.ConfigTokenURL, Help: "Token server url.\n\nLeave blank to use the provider defaults.", Advanced: true, }, { Name: config.ConfigClientCredentials, Default: false, Help: "Use client credentials OAuth flow.\n\nThis will use the OAUTH2 client Credentials Flow as described in RFC 6749.", Advanced: true, }}Name:
SharedOptions are shared between backends the utilize an OAuth flow
Functions ¶
func ConfigOAuth ¶ added in v1.56.0
func ConfigOAuth(ctx context.Context, name string, m configmap.Mapper, ri *fs.RegInfo, in fs.ConfigIn) (*fs.ConfigOut, error)
ConfigOAuth does the oauth config specified in the config block
This is called with a state which has pushed on it
state prefixed with "*oauth" state for oauth to return to state that returned the OAuth when we wish to recall it value that returned the OAuth
func ConfigOut ¶ added in v1.56.0
ConfigOut returns a config item suitable for the backend config
state is the place to return the config to oAuth is the config to run the oauth with
Types ¶
type AuthResult ¶ added in v1.50.0
type AuthResult struct { OK bool // Failure or Success? Name string Description string Code string HelpURL string Form url.Values // the complete contents of the form Err error // any underlying error to report }
AuthResult is returned from the web server after authorization success or failure
func (*AuthResult) Error ¶ added in v1.50.0
func (ar *AuthResult) Error() string
Error satisfies the error interface so AuthResult can be used as an error
type CheckAuthFn ¶ added in v1.50.0
type CheckAuthFn func(*Config, *AuthResult) error
CheckAuthFn is called when a good Auth has been received
type Config ¶
type Config struct { ClientID string ClientSecret string TokenURL string AuthURL string Scopes []string EndpointParams url.Values RedirectURL string ClientCredentialFlow bool AuthStyle oauth2.AuthStyle }
Config - structure that we will use to store the OAuth configuration settings. This is based on the union of the configuration structures for the two OAuth modules that we are using (oauth2 and oauth2.clientcrentials), along with a flag indicating if we are going to use the client credential flow
func OverrideCredentials ¶ added in v1.69.0
func OverrideCredentials(name string, m configmap.Mapper, origConfig *Config) (newConfig *Config, changed bool)
OverrideCredentials sets the ClientID and ClientSecret from the config file if they are not blank. If any value is overridden, true is returned. the origConfig is copied
func (*Config) MakeClientCredentialsConfig ¶ added in v1.69.0
func (conf *Config) MakeClientCredentialsConfig() *clientcredentials.Config
MakeClientCredentialsConfig makes a clientcredentials.Config from our config
func (*Config) MakeOauth2Config ¶ added in v1.69.0
MakeOauth2Config makes an oauth2.Config from our config
type Options ¶ added in v1.52.0
type Options struct { OAuth2Config *Config // Basic config for oauth2 NoOffline bool // If set then "access_type=offline" parameter is not passed CheckAuth CheckAuthFn // When the AuthResult is known the checkAuth function is called if set OAuth2Opts []oauth2.AuthCodeOption // extra oauth2 options StateBlankOK bool // If set, state returned as "" is deemed to be OK }
Options for the oauth config
type Renew ¶
type Renew struct {
// contains filtered or unexported fields
}
Renew allows tokens to be renewed on expiry if uploads are in progress.
func NewRenew ¶
func NewRenew(name string, ts *TokenSource, run func() error) *Renew
NewRenew creates a new Renew struct and starts a background process which renews the token whenever it expires. It uses the run() call to run a transaction to do this.
It will only renew the token if the number of uploads > 0
type TokenSource ¶
type TokenSource struct {
// contains filtered or unexported fields
}
TokenSource stores updated tokens in the config file
func NewClient ¶
func NewClient(ctx context.Context, name string, m configmap.Mapper, oauthConfig *Config) (*http.Client, *TokenSource, error)
NewClient gets a token from the config file and configures a Client with it. It returns the client and a TokenSource which Invalidate may need to be called on
func NewClientCredentialsClient ¶ added in v1.69.0
func NewClientCredentialsClient(ctx context.Context, name string, m configmap.Mapper, oauthConfig *Config, baseClient *http.Client) (*http.Client, *TokenSource, error)
NewClientCredentialsClient creates a new OAuth module using the ClientCredential flow
func NewClientWithBaseClient ¶
func NewClientWithBaseClient(ctx context.Context, name string, m configmap.Mapper, config *Config, baseClient *http.Client) (*http.Client, *TokenSource, error)
NewClientWithBaseClient gets a token from the config file and configures a Client with it. It returns the client and a TokenSource which Invalidate may need to be called on. It uses the httpClient passed in as the base client.
func (*TokenSource) Expire ¶ added in v1.59.0
func (ts *TokenSource) Expire() error
Expire marks the token as expired
This also marks the token in the config file as expired, if it is the same one
func (*TokenSource) Invalidate ¶
func (ts *TokenSource) Invalidate()
Invalidate invalidates the token
func (*TokenSource) OnExpiry ¶
func (ts *TokenSource) OnExpiry() <-chan time.Time
OnExpiry returns a channel which has the time written to it when the token expires. Note that there is only one channel so if attaching multiple go routines it will only signal to one of them.