Documentation ¶
Index ¶
- Variables
- func NewIDTransport(ctx context.Context, src oauth2.TokenSource, base http.RoundTripper) http.RoundTripper
- func NotifyRefreshTokenSource(t *oauth2.Token, src oauth2.TokenSource, f TokenNotifyFunc) oauth2.TokenSource
- type Option
- func WithBrowserPrompt() Option
- func WithClientID(clientID string) Option
- func WithClientSecret(secret string) Option
- func WithIssuerURL(issuerURL string) Option
- func WithKeychainPrefix(prefix string) Option
- func WithLogger(logger logrus.StdLogger) Option
- func WithNoPersistence() Option
- func WithRedirect(redirect string) Option
- func WithRefreshToken(refreshToken string) Option
- func WithScopes(scopes ...string) Option
- func WithStdoutPrompt() Option
- func WithSuccessBody(body string) Option
- type TerminalAuth
- func (ta *TerminalAuth) AccessClient(ctx context.Context) *http.Client
- func (ta *TerminalAuth) HasValidToken(ctx context.Context) bool
- func (ta *TerminalAuth) IDClient(ctx context.Context) *http.Client
- func (ta *TerminalAuth) IDToken(ctx context.Context) (*oidc.IDToken, error)
- func (ta *TerminalAuth) Login(ctx context.Context) error
- func (ta *TerminalAuth) Token(ctx context.Context) (*oauth2.Token, error)
- func (ta *TerminalAuth) TokenSource(ctx context.Context) oauth2.TokenSource
- func (ta *TerminalAuth) UserInfo(ctx context.Context) (*oidc.UserInfo, error)
- type TokenNotifyFunc
- type Transport
Constants ¶
This section is empty.
Variables ¶
var (
	ErrNoSavedToken       = errors.New("no saved token")
	ErrNoLoadedToken      = errors.New("no loaded token")
	ErrTokenScopesChanged = errors.New("requested scopes have changed")
	ErrNoOIDCConfig       = errors.New("no oidc configuration was provided or cached")
	ErrNoIDToken          = errors.New("no id token")
)
Functions ¶
func NewIDTransport ¶ added in v0.0.10
func NewIDTransport(ctx context.Context, src oauth2.TokenSource, base http.RoundTripper) http.RoundTripper
NewIDTransport returns a RoundTripper that sets the Authorization header and automatically refreshes the token when it expires.
func NotifyRefreshTokenSource ¶
func NotifyRefreshTokenSource(t *oauth2.Token, src oauth2.TokenSource, f TokenNotifyFunc) oauth2.TokenSource
Types ¶
type Option ¶
type Option func(*TerminalAuth) error
func WithBrowserPrompt ¶
func WithBrowserPrompt() Option
WithBrowserPrompt opens the authorization URL in the default browser
func WithClientID ¶
WithClientID sets the OIDC client_id. If this is not provided, the currently saved client ID from a previous login will be used.
func WithClientSecret ¶
WithClientSecret adds a client secret to the authorization request. Note that this is required by some providers (e.g. Google) but not all.
func WithIssuerURL ¶
WithIssuerURL sets the OIDC issuer base URL. If this is not provided, the currently saved issuer from a previous login will be used.
func WithKeychainPrefix ¶
WithKeychainPrefix sets a prefix for naming the stored secret
func WithLogger ¶
WithLogger installs a custom logger instance
func WithNoPersistence ¶
func WithNoPersistence() Option
WithNoPersistence disables saving the keyring to local storage. This option should be provided before any others.
func WithRedirect ¶
WithRedirect customizes the local OAuth redirect port (default: 11123)
func WithRefreshToken ¶
WithRefreshToken will install an initial refresh token to be used and should be used in a provisioned setting where refresh tokens are known. NOTE: this assumes the scopes have not changed and does check the saved scope hash for invalidation. Use at your own risk.
func WithScopes ¶
WithScopes adds additional scopes to the authentication request. Note that some providers (e.g. Okta) require the "offline_access" scope to get a refresh token, while Google will fail if the "offline_access" scope is requested.
func WithStdoutPrompt ¶
func WithStdoutPrompt() Option
WithStdoutPrompt prints the authorization URL to stdout
func WithSuccessBody ¶
WithSuccessBody sets the content of the web response to users when a successful authentication flow has completed.
type TerminalAuth ¶
type TerminalAuth struct {
// contains filtered or unexported fields
}
func NewTerminalAuth ¶
func NewTerminalAuth(ctx context.Context, serviceIdentifier string, options ...Option) (*TerminalAuth, error)
NewTerminalAuth returns an initialized TerminalAuth instance. serviceIdentifier is a key for caching authentication values.
func (*TerminalAuth) AccessClient ¶
func (ta *TerminalAuth) AccessClient(ctx context.Context) *http.Client
AccessClient returns an http client which uses the access token and will automatically refresh it when the token expires
func (*TerminalAuth) HasValidToken ¶
func (ta *TerminalAuth) HasValidToken(ctx context.Context) bool
HasValidToken returns "true" if a non-expired token has been loaded
func (*TerminalAuth) IDClient ¶
func (ta *TerminalAuth) IDClient(ctx context.Context) *http.Client
IDClient returns an http client which uses the ID token and will automatically refresh it when the token expires
func (*TerminalAuth) Login ¶
func (ta *TerminalAuth) Login(ctx context.Context) error
Login will present a URL to the terminal for the user to click and then follow the oauth2 flow to acquire token data
func (*TerminalAuth) TokenSource ¶
func (ta *TerminalAuth) TokenSource(ctx context.Context) oauth2.TokenSource
type TokenNotifyFunc ¶
TokenNotifyFunc is a function that accepts an oauth2 Token upon refresh, and returns an error if it should not be used.
type Transport ¶
type Transport struct {
	// Source supplies the token to add to outgoing requests'
	// Authorization headers.
	Source oauth2.TokenSource

	// Base is the base RoundTripper used to make HTTP requests.
	// If nil, http.DefaultTransport is used.
	Base http.RoundTripper
}
Transport is an http.RoundTripper that makes OAuth 2.0 HTTP requests, wrapping a base RoundTripper and adding an Authorization header with a token from the supplied Sources.
Note: this differs from the OAuth2 Transport in that it sends an ID token rather than an access token.
Transport is a low-level mechanism. Most code will use the higher-level Config.Client method instead.
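The behaviour described for Transport (a bearer header carrying the ID token, layered over a Base RoundTripper) can be sketched with the standard library alone. This is an added example, not this package's code: idTokenSource, idTransport, recorder, authSeen, the host api.example.invalid and the token value are all hypothetical or constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// idTokenSource is a hypothetical stand-in for an oauth2.TokenSource that
// yields the raw ID token (a JWT string) rather than an access token.
type idTokenSource func() (string, error)

// idTransport mirrors the Source/Base fields of the documented Transport.
type idTransport struct {
	Source idTokenSource
	Base   http.RoundTripper
}

func (t *idTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	tok, err := t.Source()
	if err != nil {
		return nil, err // fail closed: never forward the request unauthenticated
	}
	r2 := req.Clone(req.Context()) // a RoundTripper must not mutate the caller's request
	r2.Header.Set("Authorization", "Bearer "+tok)
	if t.Base == nil {
		return http.DefaultTransport.RoundTrip(r2)
	}
	return t.Base.RoundTrip(r2)
}

// recorder is an offline Base that captures the header it is handed.
type recorder struct{ auth string }

func (r *recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r.auth = req.Header.Get("Authorization")
	return &http.Response{StatusCode: 200, Header: http.Header{}, Body: http.NoBody, Request: req}, nil
}

// authSeen returns the Authorization header the base transport received and
// the one left on the caller's request (which must stay empty).
func authSeen(src idTokenSource) (seen, callers string, err error) {
	rec := &recorder{}
	req, _ := http.NewRequest("GET", "https://api.example.invalid/", nil)
	resp, err := (&http.Client{Transport: &idTransport{Source: src, Base: rec}}).Do(req)
	if err != nil {
		return "", "", err
	}
	resp.Body.Close()
	return rec.auth, req.Header.Get("Authorization"), nil
}

func main() {
	fmt.Println(authSeen(func() (string, error) { return "constructed.id.token", nil }))
}
```

Because the header carries an ID token, the receiving service has to validate it as one (signature, issuer, audience, expiry) rather than treat it as an opaque access token.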