Documentation
¶
Overview ¶
Package oauth provides authentication profile support for APIs that require OAuth 2.0 auth.
Index ¶
- Variables
- func Extra(names ...string) func(*config) error
- func GetParams(f func(profile map[string]string) url.Values) func(*config) error
- func InitAuthCode(clientID string, authorizeURL string, tokenURL string, ...)
- func InitClientCredentials(tokenURL string, options ...func(*config) error)
- func Scopes(scopes ...string) func(*config) error
- func TokenHandler(source oauth2.TokenSource, log *zerolog.Logger, request *http.Request) error
- func TokenMiddleware(source oauth2.TokenSource, ctx *context.Context, h context.Handler)
- type AuthCodeHandler
- type AuthorizationCodeTokenSource
- type ClientCredentialsHandler
- type RefreshTokenSource
Constants ¶
This section is empty.
Variables ¶
var ErrInvalidProfile = errors.New("invalid profile")
ErrInvalidProfile is thrown when a profile is missing or invalid.
Functions ¶
func Extra ¶
Extra provides the names of additional parameters to use to store information in user profiles. Use `cli.GetActiveProfile.Info("default")["name"]` to access it.
func GetParams ¶
GetParams registers a function to get additional token endpoint parameters to include in the request when fetching a new token.
func InitAuthCode ¶
func InitAuthCode(clientID string, authorizeURL string, tokenURL string, options ...func(*config) error)
InitAuthCode sets up the OAuth 2.0 authorization code with PKCE authentication flow. Must be called *after* you have called `cli.Init()`. The endpoint params allow you to pass additional info to the token URL. Pass in profile-related extra variables to store them alongside the default profile information.
func InitClientCredentials ¶
InitClientCredentials sets up the OAuth 2.0 client credentials authentication flow. Must be called *after* you have called `cli.Init()`. The endpoint params allow you to pass additional info to the token URL. Pass in profile-related extra variables to store them alongside the default profile information.
func TokenHandler ¶
TokenHandler takes a token source, gets a token, and modifies a request to add the token auth as a header. Uses the CLI cache to store tokens on a per- profile basis between runs.
func TokenMiddleware ¶
TokenMiddleware is a wrapper around TokenHandler.
Types ¶
type AuthCodeHandler ¶
type AuthCodeHandler struct {
ClientID string
AuthorizeURL string
TokenURL string
RedirectURI *url.URL
Keys []string
Params []string
Scopes []string
// contains filtered or unexported fields
}
AuthCodeHandler sets up the OAuth 2.0 authorization code with PKCE authentication flow.
func (*AuthCodeHandler) ExecuteFlow ¶ added in v0.0.5
ExecuteFlow gets run before the request goes out on the wire.
func (*AuthCodeHandler) NewToken ¶ added in v0.0.14
func (h *AuthCodeHandler) NewToken() (*oauth2.Token, error)
NewToken bypasses any cache to obtain a new OAuth2 token. In this particular case we initialize a RefreshTokenSource without a refresh token. This will force the client through an initial authorization code flow. This may be desirable when creating a new set of credentials or over-writing a different set of credentials.
func (*AuthCodeHandler) ProfileKeys ¶
func (h *AuthCodeHandler) ProfileKeys() []string
ProfileKeys returns the key names for fields to store in the profile.
type AuthorizationCodeTokenSource ¶
type AuthorizationCodeTokenSource struct {
ClientID string
AuthorizeURL string
TokenURL string
RedirectURI *url.URL
State string
EndpointParams *url.Values
Scopes []string
}
AuthorizationCodeTokenSource with PKCE as described in: https://www.oauth.com/oauth2-servers/pkce/ This works by running a local HTTP server on a configurable port and then having the user log in through a web browser, which redirects to the local server with an authorization code. That code is then used to make another HTTP request to fetch an auth token (and refresh token). That token may then be used to make requests against the API.
type ClientCredentialsHandler ¶
type ClientCredentialsHandler struct {
TokenURL string
Keys []string
Params []string
Scopes []string
ClientID string
ClientSecret string
Values map[string]interface{}
// contains filtered or unexported fields
}
ClientCredentialsHandler implements the Client Credentials OAuth2 flow.
func NewClientCredentialsHandler ¶
func NewClientCredentialsHandler(tokenURL string, keys, params, scopes []string) *ClientCredentialsHandler
NewClientCredentialsHandler creates a new handler.
func (*ClientCredentialsHandler) ExecuteFlow ¶ added in v0.0.5
func (*ClientCredentialsHandler) OnRequest ¶
OnRequest gets run before the request goes out on the wire.
func (*ClientCredentialsHandler) ProfileKeys ¶
func (h *ClientCredentialsHandler) ProfileKeys() []string
ProfileKeys returns the key names for fields to store in the profile.
type RefreshTokenSource ¶
type RefreshTokenSource struct {
// ClientID of the application
ClientID string
// TokenURL is used to fetch new tokens
TokenURL string
// EndpointParams are extra URL query parameters to include in the request
EndpointParams *url.Values
// RefreshToken from a cache, if available. If not, then the first time a
// token is requested it will be loaded from the token source and this value
// will get updated if it's present in the returned token.
RefreshToken string
// TokenSource to wrap to fetch new tokens if the refresh token is missing or
// did not work to get a new token.
TokenSource oauth2.TokenSource
}
RefreshTokenSource will use a refresh token to try and get a new token before calling the original token source to get a new token.
Source Files