auth

package

v0.27.1 Latest Latest Go to latest Published: May 11, 2026 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dynatrace-oss/dtctl

Links

Documentation ¶

Index ¶

Constants
Variables
func DecodeRefreshTokenExpiry(refreshToken string) (time.Time, bool)
func GetScopesForSafetyLevel(level config.SafetyLevel) []string
func IsOAuthToken(tokenName string) bool
func IsTokenExpired(tokens *TokenSet) bool
type Environment
- func DetectEnvironment(environmentURL string) Environment
type OAuthConfig
type OAuthFlow
- func NewOAuthFlow(config *OAuthConfig) (*OAuthFlow, error)
type StoredToken
type TokenManager
- func NewTokenManager(oauthConfig *OAuthConfig) (*TokenManager, error)
type TokenSet
type UserInfo

Constants ¶

View Source

const (
	// OAuthTokenPrefix is prepended to OAuth token names in keyring
	OAuthTokenPrefix = "oauth:"

	// TokenRefreshBuffer is how long before expiry we refresh tokens
	TokenRefreshBuffer = 5 * time.Minute
)

Variables ¶

View Source

var ErrOAuthSessionRevoked = errors.New("OAuth session revoked")

ErrOAuthSessionRevoked indicates the cached OAuth refresh token has been invalidated server-side (HTTP 400 invalid_grant). Callers should evict the cache and fall back to a non-OAuth credential where available.

Functions ¶

func DecodeRefreshTokenExpiry ¶ added in v0.25.0

func DecodeRefreshTokenExpiry(refreshToken string) (time.Time, bool)

DecodeRefreshTokenExpiry returns the exp claim from a JWT refresh token. Returns zero time and false if the token is not a decodable JWT with an exp claim.

func GetScopesForSafetyLevel ¶

func GetScopesForSafetyLevel(level config.SafetyLevel) []string

GetScopesForSafetyLevel returns the OAuth scopes required for a given safety level

func IsOAuthToken ¶

func IsOAuthToken(tokenName string) bool

IsOAuthToken checks if a token name refers to an OAuth token

func IsTokenExpired ¶

func IsTokenExpired(tokens *TokenSet) bool

IsTokenExpired checks if a token is expired

Types ¶

type Environment ¶

type Environment string

Environment represents a Dynatrace environment type

const (
	EnvironmentProd Environment = "prod"
	EnvironmentDev  Environment = "dev"
	EnvironmentHard Environment = "hard"
)

func DetectEnvironment ¶

func DetectEnvironment(environmentURL string) Environment

DetectEnvironment determines the environment type from a Dynatrace URL

type OAuthConfig ¶

type OAuthConfig struct {
	AuthURL        string
	TokenURL       string
	UserInfoURL    string
	ClientID       string
	Scopes         []string
	Port           int
	Environment    Environment
	SafetyLevel    config.SafetyLevel
	EnvironmentURL string
}

func DefaultOAuthConfig ¶

func DefaultOAuthConfig() *OAuthConfig

DefaultOAuthConfig returns the default OAuth configuration for production with readwrite-all safety level

func OAuthConfigForEnvironment ¶

func OAuthConfigForEnvironment(env Environment, safetyLevel config.SafetyLevel) *OAuthConfig

OAuthConfigForEnvironment creates an OAuth configuration for the specified environment and safety level

func OAuthConfigFromEnvironmentURL ¶

func OAuthConfigFromEnvironmentURL(environmentURL string) *OAuthConfig

OAuthConfigFromEnvironmentURL creates an OAuth configuration by detecting the environment from a URL Uses the default safety level (readwrite-all)

func OAuthConfigFromEnvironmentURLWithSafety ¶

func OAuthConfigFromEnvironmentURLWithSafety(environmentURL string, safetyLevel config.SafetyLevel) *OAuthConfig

OAuthConfigFromEnvironmentURLWithSafety creates an OAuth configuration with specific safety level

type OAuthFlow ¶

type OAuthFlow struct {
	// contains filtered or unexported fields
}

func NewOAuthFlow ¶

func NewOAuthFlow(config *OAuthConfig) (*OAuthFlow, error)

func (*OAuthFlow) GetUserInfo ¶

func (f *OAuthFlow) GetUserInfo(accessToken string) (*UserInfo, error)

func (*OAuthFlow) RefreshToken ¶

func (f *OAuthFlow) RefreshToken(refreshToken string) (*TokenSet, error)

func (*OAuthFlow) Start ¶

func (f *OAuthFlow) Start(ctx context.Context) (*TokenSet, error)

type StoredToken ¶

type StoredToken struct {
	TokenSet
	Name string `json:"name"`
}

StoredToken represents a stored OAuth token set

type TokenManager ¶

type TokenManager struct {
	// contains filtered or unexported fields
}

TokenManager manages OAuth tokens including storage and refresh

func NewTokenManager ¶

func NewTokenManager(oauthConfig *OAuthConfig) (*TokenManager, error)

NewTokenManager creates a new token manager

func (*TokenManager) DeleteToken ¶

func (tm *TokenManager) DeleteToken(tokenName string) error

DeleteToken removes a stored OAuth token

func (*TokenManager) GetToken ¶

func (tm *TokenManager) GetToken(tokenName string) (string, error)

GetToken retrieves and optionally refreshes a token

func (*TokenManager) GetTokenInfo ¶

func (tm *TokenManager) GetTokenInfo(tokenName string) (*StoredToken, error)

GetTokenInfo retrieves information about a stored OAuth token

func (*TokenManager) RefreshToken ¶

func (tm *TokenManager) RefreshToken(tokenName string) (*TokenSet, error)

RefreshToken refreshes an OAuth token

func (*TokenManager) SaveToken ¶

func (tm *TokenManager) SaveToken(tokenName string, tokens *TokenSet) error

SaveToken stores an OAuth token set

type TokenSet ¶

type TokenSet struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token"`
	IDToken      string    `json:"id_token"`
	TokenType    string    `json:"token_type"`
	ExpiresIn    int       `json:"expires_in"`
	Scope        string    `json:"scope"`
	ExpiresAt    time.Time `json:"expires_at,omitempty"`
}

type UserInfo ¶

type UserInfo struct {
	Sub           string `json:"sub"`
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Name          string `json:"name"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL