auth

package

v0.7.0 Latest Latest Go to latest Published: Mar 24, 2026 License: MIT Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/gleanwork/glean-cli

Links

Open Source Insights

Documentation ¶

Index ¶

func DeleteTokens(host string) error
func EmailFromJWT(raw string) string
func EnsureAuth(ctx context.Context) error
func LoadOAuthToken(host string) string
func Login(ctx context.Context) error
func Logout(ctx context.Context) error
func LookupBackendURL(ctx context.Context, email string) (string, error)
func SaveClient(host string, cl *StoredClient) error
func SaveTokens(host string, tok *StoredTokens) error
func Status(ctx context.Context) error
type StoredClient
- func LoadClient(host string) (*StoredClient, error)
type StoredTokens
- func LoadTokens(host string) (*StoredTokens, error)
- func (t *StoredTokens) IsExpired() bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DeleteTokens ¶

func DeleteTokens(host string) error

DeleteTokens removes stored tokens for the given host.

func EmailFromJWT ¶

func EmailFromJWT(raw string) string

EmailFromJWT decodes a JWT payload (without verification) and returns the email claim, or "" if unavailable or the token is not a valid JWT.

func EnsureAuth ¶

func EnsureAuth(ctx context.Context) error

EnsureAuth returns nil if the client has usable credentials.

func LoadOAuthToken ¶

func LoadOAuthToken(host string) string

LoadOAuthToken returns a valid, non-expired OAuth access token for host, or "". If the stored token is expired and a refresh token is available, it attempts a silent refresh and persists the new tokens before returning.

func Login(ctx context.Context) error

Login performs the full OAuth 2.0 PKCE login flow for the configured Glean host. If the host is not configured, prompts for a work email and auto-discovers it. If the instance doesn't support OAuth, falls back to an inline API token prompt.

func Logout ¶

func Logout(ctx context.Context) error

Logout removes stored OAuth tokens and clears the config file.

func LookupBackendURL ¶

func LookupBackendURL(ctx context.Context, email string) (string, error)

LookupBackendURL resolves a work email to a Glean backend base URL using Glean's domain discovery API.

func SaveClient ¶

func SaveClient(host string, cl *StoredClient) error

SaveClient persists an OAuth client registration for the given host.

func SaveTokens ¶

func SaveTokens(host string, tok *StoredTokens) error

SaveTokens persists OAuth tokens for the given host.

func Status ¶

func Status(ctx context.Context) error

Status prints the current authentication state.

Types ¶

type StoredClient ¶

type StoredClient struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret,omitempty"`
}

StoredClient holds a registered or configured OAuth client for a Glean host.

func LoadClient ¶

func LoadClient(host string) (*StoredClient, error)

LoadClient returns a stored client registration for the given host, or nil if none exist.

type StoredTokens ¶

type StoredTokens struct {
	AccessToken   string    `json:"access_token"`
	RefreshToken  string    `json:"refresh_token,omitempty"`
	Expiry        time.Time `json:"expiry,omitempty"`
	Email         string    `json:"email,omitempty"`
	TokenType     string    `json:"token_type,omitempty"`
	TokenEndpoint string    `json:"token_endpoint,omitempty"` // used for token refresh
}

StoredTokens holds persisted OAuth tokens for a Glean host.

func LoadTokens ¶

func LoadTokens(host string) (*StoredTokens, error)

LoadTokens returns stored tokens for the given host, or nil if none exist.

func (*StoredTokens) IsExpired ¶

func (t *StoredTokens) IsExpired() bool

IsExpired returns true if the token expires within the next 60 seconds.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL