auth

package

v1.8.0 Latest Latest Go to latest Published: Mar 23, 2026 License: MIT Imports: 21 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/algolia/cli

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func CheckACLs(cmd *cobra.Command, f *cmdutil.Factory) error
func CheckAuth(cfg config.Config) error
func ClearToken()
func CodeChallenge(verifier string) string
func DisableAuthCheck(cmd *cobra.Command)
func EnsureAuthenticated(io *iostreams.IOStreams, client *dashboard.Client) (string, error)
func GenerateCodeVerifier() (string, error)
func GetValidToken(client *dashboard.Client) (string, error)
func IsAuthCheckEnabled(cmd *cobra.Command) bool
func OAuthClientID() string
func OpenBrowser(url string) error
func ReauthenticateIfExpired(io *iostreams.IOStreams, client *dashboard.Client, err error) (string, error)
func RunOAuth(io *iostreams.IOStreams, client *dashboard.Client, signup, openBrowser bool) (string, error)
func SaveToken(resp *dashboard.OAuthTokenResponse) error
func StartCallbackServer() (redirectURI string, result <-chan CallbackResult, err error)
type CallbackResult
type StoredToken
- func LoadToken() *StoredToken
- func (t *StoredToken) IsExpired() bool

Constants ¶

This section is empty.

Variables ¶

View Source

var DefaultOAuthClientID = ""

DefaultOAuthClientID is injected at build time via ldflags. Override with ALGOLIA_OAUTH_CLIENT_ID environment variable for local development.

View Source

var WriteAPIKeyDefaultACLs = []string{
	"search",
	"browse",
	"seeUnretrievableAttributes",
	"listIndexes",
	"analytics",
	"logs",
	"addObject",
	"deleteObject",
	"deleteIndex",
	"settings",
	"editSettings",
	"recommendation",
}

Functions ¶

func CheckACLs ¶

func CheckACLs(cmd *cobra.Command, f *cmdutil.Factory) error

CheckACLs check if the current profile has the right ACLs to execute the command

func CheckAuth ¶

func CheckAuth(cfg config.Config) error

func ClearToken ¶ added in v1.8.0

func ClearToken()

ClearToken removes the stored token from the OS keychain.

func CodeChallenge ¶ added in v1.8.0

func CodeChallenge(verifier string) string

CodeChallenge computes the S256 PKCE code_challenge from a code_verifier.

func DisableAuthCheck ¶

func DisableAuthCheck(cmd *cobra.Command)

func EnsureAuthenticated ¶ added in v1.8.0

func EnsureAuthenticated(
	io *iostreams.IOStreams,
	client *dashboard.Client,
) (string, error)

EnsureAuthenticated returns a valid access token from the stored session. If no valid session exists and the terminal is interactive, it triggers the browser-based OAuth login flow automatically.

func GenerateCodeVerifier ¶ added in v1.8.0

func GenerateCodeVerifier() (string, error)

GenerateCodeVerifier creates a random PKCE code_verifier (43-128 chars, URL-safe).

func GetValidToken ¶ added in v1.8.0

func GetValidToken(client *dashboard.Client) (string, error)

GetValidToken returns a valid access token, refreshing if necessary.

func IsAuthCheckEnabled ¶

func IsAuthCheckEnabled(cmd *cobra.Command) bool

func OAuthClientID ¶ added in v1.8.0

func OAuthClientID() string

OAuthClientID returns the OAuth client ID, preferring the ALGOLIA_OAUTH_CLIENT_ID environment variable over the compiled-in default (set via ldflags).

func OpenBrowser ¶ added in v1.8.0

func OpenBrowser(url string) error

OpenBrowser opens the given URL in the user's default browser.

func ReauthenticateIfExpired ¶ added in v1.8.0

func ReauthenticateIfExpired(
	io *iostreams.IOStreams,
	client *dashboard.Client,
	err error,
) (string, error)

ReauthenticateIfExpired checks if err is a session-expired error from the API. If so, it clears the invalid token and triggers the login flow.

func RunOAuth ¶ added in v1.8.0

func RunOAuth(io *iostreams.IOStreams, client *dashboard.Client, signup, openBrowser bool) (string, error)

RunOAuth runs the OAuth PKCE flow with a local callback server and returns a valid access token. A local HTTP server is started on a random port to receive the authorization code via redirect — no copy-paste required.

When openBrowser is true the authorize URL is opened automatically; otherwise only the URL is printed (useful when the browser can't be launched, e.g. SSH / containers).

If signup is true the browser opens to the sign-up page.

func SaveToken ¶ added in v1.8.0

func SaveToken(resp *dashboard.OAuthTokenResponse) error

SaveToken persists tokens from an OAuthTokenResponse to the OS keychain.

func StartCallbackServer ¶ added in v1.8.0

func StartCallbackServer() (redirectURI string, result <-chan CallbackResult, err error)

StartCallbackServer starts a local HTTP server on a random available port. It returns the redirect URI (http://127.0.0.1:{port}) and a channel that will receive exactly one CallbackResult when the OAuth redirect arrives. The server shuts itself down after handling the first request.

Types ¶

type CallbackResult ¶ added in v1.8.0

type CallbackResult struct {
	Code  string
	Error string
}

CallbackResult holds the authorization code (or an error description) received from the OAuth redirect.

type StoredToken ¶ added in v1.8.0

type StoredToken struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresAt    int64  `json:"expires_at"`
	Scope        string `json:"scope,omitempty"`
}

StoredToken represents the persisted OAuth tokens.

func LoadToken ¶ added in v1.8.0

func LoadToken() *StoredToken

LoadToken reads the stored token from the OS keychain. Returns nil if not found.

func (*StoredToken) IsExpired ¶ added in v1.8.0

func (t *StoredToken) IsExpired() bool

IsExpired returns true if the access token has expired (with a 60s buffer).

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL