auth

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 2, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

internal/auth/token.go

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BearerToken

func BearerToken(jwt string) string

BearerToken formats a JWT as a Bearer auth header value.

func EmptyProto

func EmptyProto() *commonv1.Empty

EmptyProto returns a commonv1.Empty message (convenience).

func ExportEnv

func ExportEnv(jwt, workspaceID string) string

ExportEnv returns shell export lines for --no-save mode.

func GetPATOnce

func GetPATOnce() string

GetPATOnce returns NWEB_API_KEY without storing it anywhere. Only for auth commands that explicitly manage PATs.

Types

type Claims added in v0.16.0

type Claims struct {
	Sub         string `json:"sub"`
	WorkspaceID string `json:"nweb:workspace_id"`
	SourcePatID string `json:"nweb:source_pat_id"`
	Exp         int64  `json:"exp"`
}

Claims holds the subset of JWT payload fields used by the CLI.

func ParseClaims added in v0.16.0

func ParseClaims(token string) (Claims, error)

ParseClaims decodes the payload segment of a JWT without verifying the signature.

func (Claims) ExpiresAt added in v0.16.0

func (c Claims) ExpiresAt() time.Time

ExpiresAt returns the token expiry as a time.Time.

type Resolver

type Resolver struct {
	Profile     config.Profile
	ProfileName string
	WorkspaceID string // flag override
	NoPersist   bool
	ConfigPath  string
	Insecure    bool

	// OnTokenRefreshed is called after a successful PAT exchange.
	OnTokenRefreshed func(jwt string, expiresAt time.Time, workspaceID string)
}

Resolver resolves a valid JWT for API calls.

func NewResolver

func NewResolver(profile config.Profile, profileName, workspaceIDFlag, configPath string, noPersist, insecureFlag bool) *Resolver

NewResolver builds a Resolver from global flags and a loaded profile.

func (*Resolver) Token

func (r *Resolver) Token(ctx context.Context) (string, error)

Token returns a valid JWT, exchanging the PAT if necessary. PAT is never stored; it is always read fresh from NWEB_API_KEY.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL