Documentation ¶
Index ¶
- Variables
- func NewIDTransport(ctx context.Context, src oauth2.TokenSource, base http.RoundTripper) http.RoundTripper
- func NotifyRefreshTokenSource(t *oauth2.Token, src oauth2.TokenSource, f TokenNotifyFunc) oauth2.TokenSource
- type EphemeralStorage
- type KeyringStorage
- type Option
- func WithAutoFollowRedirectForTesting() Option
- func WithBrowserPrompt() Option
- func WithClientID(clientID string) Option
- func WithClientSecret(secret string) Option
- func WithIssuerURL(issuerURL string) Option
- func WithKeychainPrefix(prefix string) Option
- func WithLogger(logger logrus.StdLogger) Option
- func WithRedirect(redirect string) Option
- func WithRefreshToken(refreshToken string) Option
- func WithScopes(scopes ...string) Option
- func WithStdoutPrompt() Option
- func WithSuccessBody(body string) Option
- type Storage
- type TerminalAuth
- func (ta *TerminalAuth) AccessClient(ctx context.Context) *http.Client
- func (ta *TerminalAuth) HasValidToken(ctx context.Context) bool
- func (ta *TerminalAuth) IDClient(ctx context.Context) *http.Client
- func (ta *TerminalAuth) IDToken(ctx context.Context) (*oidc.IDToken, error)
- func (ta *TerminalAuth) Login(ctx context.Context) error
- func (ta *TerminalAuth) Logout() error
- func (ta *TerminalAuth) Token(ctx context.Context) (*oauth2.Token, error)
- func (ta *TerminalAuth) TokenSource(ctx context.Context) oauth2.TokenSource
- func (ta *TerminalAuth) UserInfo(ctx context.Context) (*oidc.UserInfo, error)
- type TokenNotifyFunc
- type Transport
- type ViperStorage
Constants ¶
This section is empty.
Variables ¶
var (
	ErrNoSavedToken       = errors.New("no saved token")
	ErrNoLoadedToken      = errors.New("no loaded token")
	ErrTokenScopesChanged = errors.New("requested scopes have changed")
	ErrNoOIDCConfig       = errors.New("no oidc configuration was provided or cached")
	ErrNoIDToken          = errors.New("no id token")
	ErrRefreshFailed      = errors.New("failed to refresh the token")
)
var ErrSettingNotFound = fmt.Errorf("setting not found")
Functions ¶
func NewIDTransport ¶ added in v0.0.10
func NewIDTransport(ctx context.Context, src oauth2.TokenSource, base http.RoundTripper) http.RoundTripper
NewIDTransport returns a RoundTripper that sets the Authorization header and automatically refreshes the token when it expires
func NotifyRefreshTokenSource ¶
func NotifyRefreshTokenSource(t *oauth2.Token, src oauth2.TokenSource, f TokenNotifyFunc) oauth2.TokenSource
Types ¶
type EphemeralStorage ¶ added in v0.1.0
type EphemeralStorage struct {
// contains filtered or unexported fields
}
EphemeralStorage stores state in memory and it is lost when the process ends. However, refresh tokens are persisted through the duration of the process.
func (*EphemeralStorage) Delete ¶ added in v0.1.0
func (p *EphemeralStorage) Delete(service, user string) error
Delete deletes a secret, identified by service & user, from the keyring.
func (*EphemeralStorage) Get ¶ added in v0.1.0
func (p *EphemeralStorage) Get(service, user string) (string, error)
Get gets a secret from the keyring given a service name and a user.
func (*EphemeralStorage) Set ¶ added in v0.1.0
func (p *EphemeralStorage) Set(service, user, pass string) error
Set stores user and pass in the keyring under the defined service name.
type KeyringStorage ¶ added in v0.1.0
type KeyringStorage struct { }
KeyringStorage stores values in the secure local storage system. Note: this requires the appropriate environment and tools to be installed on the local machine and may not work properly in Docker or headless
func (*KeyringStorage) Delete ¶ added in v0.1.0
func (p *KeyringStorage) Delete(service, setting string) error
Delete secret from keyring.
func (*KeyringStorage) Get ¶ added in v0.1.0
func (p *KeyringStorage) Get(service, setting string) (string, error)
Get password from keyring given service and user name.
func (*KeyringStorage) Set ¶ added in v0.1.0
func (p *KeyringStorage) Set(service, setting, value string) error
Set password in keyring for user.
type Option ¶
type Option func(*TerminalAuth) error
func WithAutoFollowRedirectForTesting ¶ added in v0.0.13
func WithAutoFollowRedirectForTesting() Option
WithAutoFollowRedirectForTesting will follow the redirect for automated testing purposes only
func WithBrowserPrompt ¶
func WithBrowserPrompt() Option
WithBrowserPrompt opens the authorization URL in the default browser
func WithClientID ¶
WithClientID sets the OIDC client_id. If this is not provided, the currently saved client ID from a previous login will be used.
func WithClientSecret ¶
WithClientSecret adds a client secret to the authorization request. Note that this is required by some providers (e.g. Google) but not all.
func WithIssuerURL ¶
WithIssuerURL sets the OIDC issuer base URL. If this is not provided, the currently saved issuer from a previous login will be used.
func WithKeychainPrefix ¶
WithKeychainPrefix sets a prefix for naming the stored secret
func WithLogger ¶
WithLogger installs a custom logger instance
func WithRedirect ¶
WithRedirect customizes the local OAuth redirect port (default: 11123)
func WithRefreshToken ¶
WithRefreshToken will install an initial refresh token to be used and should be used in a provisioned setting where refresh tokens are known. NOTE: this assumes the scopes have not changed and does check the saved scope hash for invalidation. Use at your own risk.
func WithScopes ¶
WithScopes adds additional scopes to the authentication request. Note that some providers (e.g. Okta) require the "offline_access" scope to get a refresh token, while Google will fail if the "offline_access" scope is requested.
func WithStdoutPrompt ¶
func WithStdoutPrompt() Option
WithStdoutPrompt prints the authorization URL to stdout
func WithSuccessBody ¶
WithSuccessBody sets the content of the web response to users when a successful authentication flow has completed.
type Storage ¶ added in v0.1.0
type Storage interface {
	// Set password in keyring for user.
	Set(service, setting, value string) error
	// Get password from keyring given service and user name.
	Get(service, setting string) (string, error)
	// Delete secret from keyring.
	Delete(service, setting string) error
}
Storage provides an interface for saving and loading values across runs
func NewEphemeralStorage ¶ added in v0.1.0
func NewEphemeralStorage() Storage
func NewKeyringStorage ¶ added in v0.1.0
func NewKeyringStorage() Storage
NewKeyringStorage creates a new instance of keyring persistence
type TerminalAuth ¶
type TerminalAuth struct {
// contains filtered or unexported fields
}
func NewTerminalAuth ¶
func NewTerminalAuth(ctx context.Context, serviceIdentifier string, store Storage, options ...Option) (*TerminalAuth, error)
NewTerminalAuth returns an initialized TerminalAuth instance. serviceIdentifier is a key for caching authentication values.
func (*TerminalAuth) AccessClient ¶
func (ta *TerminalAuth) AccessClient(ctx context.Context) *http.Client
AccessClient returns an http client which uses the access token and will automatically refresh it when the token expires
func (*TerminalAuth) HasValidToken ¶
func (ta *TerminalAuth) HasValidToken(ctx context.Context) bool
HasValidToken returns "true" if a non-expired token has been loaded
func (*TerminalAuth) IDClient ¶
func (ta *TerminalAuth) IDClient(ctx context.Context) *http.Client
IDClient returns an http client which uses the ID token and will automatically refresh it when the token expires
func (*TerminalAuth) Login ¶
func (ta *TerminalAuth) Login(ctx context.Context) error
Login will present a URL to the terminal for the user to click and then follow the oauth2 flow to acquire token data
func (*TerminalAuth) Logout ¶ added in v0.0.13
func (ta *TerminalAuth) Logout() error
func (*TerminalAuth) TokenSource ¶
func (ta *TerminalAuth) TokenSource(ctx context.Context) oauth2.TokenSource
type TokenNotifyFunc ¶
TokenNotifyFunc is a function that accepts an oauth2 Token upon refresh, and returns an error if it should not be used.
type Transport ¶
type Transport struct {
	// Source supplies the token to add to outgoing requests'
	// Authorization headers.
	Source oauth2.TokenSource

	// Base is the base RoundTripper used to make HTTP requests.
	// If nil, http.DefaultTransport is used.
	Base http.RoundTripper
}
Transport is an http.RoundTripper that makes OAuth 2.0 HTTP requests, wrapping a base RoundTripper and adding an Authorization header with a token from the supplied Sources.
Note: this differs from the OAuth2 Transport in that it sends an ID token rather than an access token.
Transport is a low-level mechanism. Most code will use the higher-level Config.Client method instead.
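The behaviour described for NewIDTransport and Transport, as an added standard-library sketch that is not this package's own code: a RoundTripper that puts the ID token, not the access token, in the Authorization header and refuses to send the request when no ID token is present. The names `tokens`, `idTransport`, `seenAuthorization` and `errNoIDToken`, the fail-closed choice, and the token strings are assumptions made for the example; `tokens` and the `source` func stand in for oauth2.Token and oauth2.TokenSource.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var errNoIDToken = errors.New("no id token") // local stand-in for the package's ErrNoIDToken

// tokens is a constructed stand-in for an oauth2.Token and its "id_token" extra.
type tokens struct{ Access, ID string }

// idTransport sends the ID token, not the access token, as the bearer credential.
type idTransport struct {
	source func() tokens     // hypothetical stand-in for oauth2.TokenSource
	base   http.RoundTripper // nil means http.DefaultTransport
}

func (t *idTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	tok := t.source()
	if tok.ID == "" {
		return nil, errNoIDToken // fail closed rather than fall back to the access token
	}
	clone := req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
	clone.Header.Set("Authorization", "Bearer "+tok.ID)
	if t.base == nil {
		return http.DefaultTransport.RoundTrip(clone)
	}
	return t.base.RoundTrip(clone)
}

// seenAuthorization reports the Authorization header a local test server receives.
func seenAuthorization(tok tokens) (string, error) {
	var got string
	srv := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		got = r.Header.Get("Authorization")
	}))
	defer srv.Close()
	client := &http.Client{Transport: &idTransport{source: func() tokens { return tok }}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return got, nil
}

func main() { fmt.Println(seenAuthorization(tokens{Access: "constructed-access", ID: "constructed-id"})) }
```

A service behind such a client has to validate the bearer value as an ID token (issuer, audience, signature, expiry), since it is not an access token issued for that API.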
func (*Transport) CancelRequest
deprecated
type ViperStorage ¶ added in v0.2.0
type ViperStorage struct {
// contains filtered or unexported fields
}
ViperStorage state is stored in viper config and saved after each change
func (*ViperStorage) Delete ¶ added in v0.2.0
func (p *ViperStorage) Delete(service, setting string) error
Delete setting
func (*ViperStorage) Get ¶ added in v0.2.0
func (p *ViperStorage) Get(service, setting string) (string, error)
Get setting given service and setting name
func (*ViperStorage) Set ¶ added in v0.2.0
func (p *ViperStorage) Set(service, setting, value string) error
Set password in keyring for user