oauth

package
v0.0.14
Warning

This package is not in the latest version of its module.

Published: Jun 9, 2022 License: MIT Imports: 21 Imported by: 0

Documentation

Overview

Package oauth provides authentication profile support for APIs that require OAuth 2.0 auth.


Constants

This section is empty.

Variables

var ErrInvalidProfile = errors.New("invalid profile")

ErrInvalidProfile is returned when a profile is missing or invalid.

Functions

func Extra

func Extra(names ...string) func(*config) error

Extra provides the names of additional parameters to use to store information in user profiles. Use `cli.GetActiveProfile.Info("default")["name"]` to access it.

func GetParams

func GetParams(f func(profile map[string]string) url.Values) func(*config) error

GetParams registers a function to get additional token endpoint parameters to include in the request when fetching a new token.

func InitAuthCode

func InitAuthCode(clientID string, authorizeURL string, tokenURL string, options ...func(*config) error)

InitAuthCode sets up the OAuth 2.0 authorization code with PKCE authentication flow. Must be called *after* you have called `cli.Init()`. The endpoint params allow you to pass additional info to the token URL. Pass in profile-related extra variables to store them alongside the default profile information.

func InitClientCredentials

func InitClientCredentials(tokenURL string, options ...func(*config) error)

InitClientCredentials sets up the OAuth 2.0 client credentials authentication flow. Must be called *after* you have called `cli.Init()`. The endpoint params allow you to pass additional info to the token URL. Pass in profile-related extra variables to store them alongside the default profile information.

func Scopes

func Scopes(scopes ...string) func(*config) error

Scopes sets a list of scopes to request for the token.

func TokenHandler

func TokenHandler(source oauth2.TokenSource, log *zerolog.Logger, request *http.Request) error

TokenHandler takes a token source, gets a token, and modifies a request to add the token auth as a header. Uses the CLI cache to store tokens on a per-profile basis between runs.

func TokenMiddleware

func TokenMiddleware(source oauth2.TokenSource, ctx *context.Context, h context.Handler)

TokenMiddleware is a wrapper around TokenHandler.

Types

type AuthCodeHandler

type AuthCodeHandler struct {
	ClientID     string
	AuthorizeURL string
	TokenURL     string
	RedirectURI  *url.URL
	Keys         []string
	Params       []string
	Scopes       []string
	// contains filtered or unexported fields
}

AuthCodeHandler sets up the OAuth 2.0 authorization code with PKCE authentication flow.

func (*AuthCodeHandler) ExecuteFlow added in v0.0.5

func (h *AuthCodeHandler) ExecuteFlow(log *zerolog.Logger) (*oauth2.Token, error)

ExecuteFlow gets run before the request goes out on the wire.

func (*AuthCodeHandler) NewToken added in v0.0.14

func (h *AuthCodeHandler) NewToken() (*oauth2.Token, error)

NewToken bypasses any cache to obtain a new OAuth2 token. In this particular case we initialize a RefreshTokenSource without a refresh token, which forces the client through an initial authorization code flow. This may be desirable when creating a new set of credentials or overwriting a different set of credentials.

func (*AuthCodeHandler) OnRequest

func (h *AuthCodeHandler) OnRequest(log *zerolog.Logger, request *http.Request) error

OnRequest gets run before the request goes out on the wire.

func (*AuthCodeHandler) ProfileKeys

func (h *AuthCodeHandler) ProfileKeys() []string

ProfileKeys returns the key names for fields to store in the profile.

type AuthorizationCodeTokenSource

type AuthorizationCodeTokenSource struct {
	ClientID       string
	AuthorizeURL   string
	TokenURL       string
	RedirectURI    *url.URL
	State          string
	EndpointParams *url.Values
	Scopes         []string
}

AuthorizationCodeTokenSource implements the authorization code flow with PKCE as described in https://www.oauth.com/oauth2-servers/pkce/. It works by running a local HTTP server on a configurable port and then having the user log in through a web browser, which redirects to the local server with an authorization code. That code is then used to make another HTTP request to fetch an auth token (and refresh token). That token may then be used to make requests against the API.

func (*AuthorizationCodeTokenSource) Token

Token generates a new token using an authorization code.
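The PKCE and redirect-validation steps of the flow described above, as an added example that is not this package's code. It uses only the standard library; the function names, the port and the callback values are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// newVerifier returns a PKCE code_verifier: 32 random bytes, base64url, no padding.
func newVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// challengeS256 derives the code_challenge that goes on the authorize URL.
func challengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// checkCallback returns the authorization code only if the state matches.
func checkCallback(u *url.URL, wantState string) (string, error) {
	q := u.Query()
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("authorization failed: %s", e)
	}
	if wantState == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1 {
		return "", errors.New("state mismatch: callback is not from this login attempt")
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("callback carried no authorization code")
	}
	return code, nil
}

func main() {
	v, _ := newVerifier()
	// Constructed callback URL; the port and parameter values are made up.
	cb, _ := url.Parse("http://localhost:8484/?code=abc123&state=s1")
	code, err := checkCallback(cb, "s1")
	fmt.Println(len(v), len(challengeS256(v)), code, err)
}
```

The verifier stays in the CLI process and is sent only in the token request, so an authorization code intercepted on the loopback redirect cannot be exchanged without it.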

type ClientCredentialsHandler

type ClientCredentialsHandler struct {
	TokenURL     string
	Keys         []string
	Params       []string
	Scopes       []string
	ClientID     string
	ClientSecret string
	Values       map[string]interface{}
	// contains filtered or unexported fields
}

ClientCredentialsHandler implements the Client Credentials OAuth2 flow.

func NewClientCredentialsHandler

func NewClientCredentialsHandler(tokenURL string, keys, params, scopes []string) *ClientCredentialsHandler

NewClientCredentialsHandler creates a new handler.

func (*ClientCredentialsHandler) ExecuteFlow added in v0.0.5

func (h *ClientCredentialsHandler) ExecuteFlow(log *zerolog.Logger) (*oauth2.Token, error)

func (*ClientCredentialsHandler) OnRequest

func (h *ClientCredentialsHandler) OnRequest(log *zerolog.Logger, request *http.Request) error

OnRequest gets run before the request goes out on the wire.

func (*ClientCredentialsHandler) ProfileKeys

func (h *ClientCredentialsHandler) ProfileKeys() []string

ProfileKeys returns the key names for fields to store in the profile.

type RefreshTokenSource

type RefreshTokenSource struct {
	// ClientID of the application
	ClientID string

	// TokenURL is used to fetch new tokens
	TokenURL string

	// EndpointParams are extra URL query parameters to include in the request
	EndpointParams *url.Values

	// RefreshToken from a cache, if available. If not, then the first time a
	// token is requested it will be loaded from the token source and this value
	// will get updated if it's present in the returned token.
	RefreshToken string

	// TokenSource to wrap to fetch new tokens if the refresh token is missing or
	// did not work to get a new token.
	TokenSource oauth2.TokenSource
}

RefreshTokenSource will use a refresh token to try and get a new token before calling the original token source to get a new token.

func (RefreshTokenSource) Token

func (ts RefreshTokenSource) Token() (*oauth2.Token, error)

Token generates a new token using either a refresh token or by falling back to the original source.
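The refresh-then-fall-back behaviour described above, as an added standard-library example that is not this package's implementation. The `refreshFirst` and `token` types and the sample values are hypothetical; the refresh request uses the standard `refresh_token` grant form parameters.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

type token struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
}

type refreshFirst struct { // hypothetical type for this example
	clientID, tokenURL, refreshToken string
	fallback                         func() (*token, error)
}

func (r *refreshFirst) Token() (t *token, err error) {
	if r.refreshToken != "" {
		t, err = r.refresh() // cheap path: refresh_token grant, no user interaction
	}
	if t == nil {
		t, err = r.fallback() // e.g. the interactive authorization code flow
	}
	if err == nil && t != nil && t.RefreshToken != "" {
		r.refreshToken = t.RefreshToken // the server may rotate it on each use
	}
	return t, err
}

func (r *refreshFirst) refresh() (*token, error) {
	resp, err := http.PostForm(r.tokenURL, url.Values{"grant_type": {"refresh_token"}, "client_id": {r.clientID}, "refresh_token": {r.refreshToken}})
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	t := &token{}
	if resp.StatusCode != 200 || json.NewDecoder(resp.Body).Decode(t) != nil || t.AccessToken == "" {
		return nil, fmt.Errorf("refresh rejected: %s", resp.Status)
	}
	return t, nil
}

func main() {
	r := &refreshFirst{fallback: func() (*token, error) { return &token{AccessToken: "constructed"}, nil }}
	t, err := r.Token() // nothing cached, so the fallback source is used
	fmt.Println(t.AccessToken, err)
}
```

Storing the rotated refresh token after every successful response matters when the server invalidates the previous one on use; a stale cached value would push every later run back to the interactive flow.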
