Documentation
¶
Overview ¶
Package githubauth provides utilities for GitHub authentication, including generating and using GitHub App tokens and installation tokens.
This package implements oauth2.TokenSource interfaces for GitHub App authentication and GitHub App installation token generation. It is built on top of the go-github and golang.org/x/oauth2 libraries.
Index ¶
- Constants
- func NewApplicationTokenSource[T Identifier](id T, privateKey []byte, opts ...ApplicationTokenOpt) (oauth2.TokenSource, error)
- func NewInstallationTokenSource(id int64, src oauth2.TokenSource, opts ...InstallationTokenSourceOpt) oauth2.TokenSource
- func NewPersonalAccessTokenSource(token string) oauth2.TokenSource
- type ApplicationTokenOpt
- type Identifier
- type InstallationTokenSourceOpt
- func WithContext(ctx context.Context) InstallationTokenSourceOpt
- func WithEnterpriseURLs(baseURL, uploadURL string) InstallationTokenSourceOpt
- func WithHTTPClient(client *http.Client) InstallationTokenSourceOpt
- func WithInstallationTokenOptions(opts *github.InstallationTokenOptions) InstallationTokenSourceOpt
Constants ¶
const ( // DefaultApplicationTokenExpiration is the default expiration time for GitHub App tokens. // The maximum allowed expiration is 10 minutes. DefaultApplicationTokenExpiration = 10 * time.Minute )
Variables ¶
This section is empty.
Functions ¶
func NewApplicationTokenSource ¶
func NewApplicationTokenSource[T Identifier](id T, privateKey []byte, opts ...ApplicationTokenOpt) (oauth2.TokenSource, error)
NewApplicationTokenSource creates a GitHub App JWT token source. Accepts either int64 App ID or string Client ID. GitHub recommends Client IDs for new apps. Private key must be in PEM format. Generated JWTs are RS256-signed with iat, exp, and iss claims. JWTs expire in max 10 minutes and include clock drift protection (iat set 60s in past). See https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app
func NewInstallationTokenSource ¶
func NewInstallationTokenSource(id int64, src oauth2.TokenSource, opts ...InstallationTokenSourceOpt) oauth2.TokenSource
NewInstallationTokenSource creates a GitHub App installation token source. Requires installation ID and a GitHub App JWT token source for authentication. See https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token
func NewPersonalAccessTokenSource ¶ added in v1.4.0
func NewPersonalAccessTokenSource(token string) oauth2.TokenSource
NewPersonalAccessTokenSource creates a token source for GitHub personal access tokens. The provided token should be a valid GitHub personal access token (classic or fine-grained). This token source returns the same token value for all Token() calls without expiration, making it suitable for long-lived authentication scenarios.
Types ¶
type ApplicationTokenOpt ¶
type ApplicationTokenOpt func(*applicationTokenSource)
ApplicationTokenOpt is a functional option for configuring an applicationTokenSource.
func WithApplicationTokenExpiration ¶
func WithApplicationTokenExpiration(exp time.Duration) ApplicationTokenOpt
WithApplicationTokenExpiration sets the JWT expiration duration. Must be between 0 and 10 minutes per GitHub's JWT requirements. Invalid values default to 10 minutes. See https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app#about-json-web-tokens-jwts
type Identifier ¶ added in v1.3.0
Identifier constrains GitHub App identifiers to int64 (App ID) or string (Client ID).
type InstallationTokenSourceOpt ¶
type InstallationTokenSourceOpt func(*installationTokenSource)
InstallationTokenSourceOpt is a functional option for InstallationTokenSource.
func WithContext ¶ added in v1.1.0
func WithContext(ctx context.Context) InstallationTokenSourceOpt
WithContext sets the context for the GitHub App installation token source.
func WithEnterpriseURLs ¶ added in v1.1.0
func WithEnterpriseURLs(baseURL, uploadURL string) InstallationTokenSourceOpt
WithEnterpriseURLs sets the base URL and upload URL for GitHub Enterprise Server. This option should be used after WithHTTPClient to ensure the HTTP client is properly configured. If the provided URLs are invalid, the option is ignored and default GitHub URLs are used.
func WithHTTPClient ¶
func WithHTTPClient(client *http.Client) InstallationTokenSourceOpt
WithHTTPClient sets the HTTP client for the GitHub App installation token source.
func WithInstallationTokenOptions ¶
func WithInstallationTokenOptions(opts *github.InstallationTokenOptions) InstallationTokenSourceOpt
WithInstallationTokenOptions sets the options for the GitHub App installation token.