Version: v19.0.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 7, 2019 License: MPL-2.0 Imports: 2 Imported by: 0



The Login service serves as the interface between external authentication systems and Taskcluster credentials.


How to use this package

First create a Login object:

login := tclogin.New(nil)

and then call one or more of login's methods, e.g.:

err := login.Ping(.....)

handling any errors...

if err != nil {
	// handle error...

Taskcluster Schema

The source code of this go package was auto-generated from the API definition at <rootUrl>/references/login/v1/api.json together with the input and output schemas it references,



This section is empty.


This section is empty.


This section is empty.


type CredentialsResponse

type CredentialsResponse struct {

	// Taskcluster credentials. Note that the credentials may not contain a certificate!
	Credentials TaskclusterCredentials `json:"credentials"`

	// Time after which the credentials are no longer valid.  Callers should
	// call `oidcCredentials` again to get fresh credentials before this time.
	Expires tcclient.Time `json:"expires"`

A response containing credentials corresponding to a supplied OIDC `access_token`.

type Login

type Login tcclient.Client

func New

func New(credentials *tcclient.Credentials, rootURL string) *Login

New returns a Login client, configured to run against production. Pass in nil credentials to create a client without authentication. The returned client is mutable, so returned settings can be altered.

login := tclogin.New(
    nil,                                      // client without authentication
    "http://localhost:1234/my/taskcluster",   // taskcluster hosted at this root URL on local machine
err := login.Ping(.....)                      // for example, call the Ping(.....) API endpoint (described further down)...
if err != nil {
	// handle errors...

func NewFromEnv

func NewFromEnv() *Login

NewFromEnv returns a *Login configured from environment variables.

The root URL is taken from TASKCLUSTER_PROXY_URL if set to a non-empty string, otherwise from TASKCLUSTER_ROOT_URL if set, otherwise the empty string.

The credentials are taken from environment variables:


If TASKCLUSTER_CLIENT_ID is empty/unset, authentication will be disabled.

func (*Login) OidcCredentials

func (login *Login) OidcCredentials(provider string) (*CredentialsResponse, error)

Stability: *** EXPERIMENTAL ***

Given an OIDC `access_token` from a trusted OpenID provider, return a set of Taskcluster credentials for use on behalf of the identified user.

This method is typically not called with a Taskcluster client library and does not accept Hawk credentials. The `access_token` should be given in an `Authorization` header: “` Authorization: Bearer “`

The `access_token` is first verified against the named :provider, then passed to the provider's APIBuilder to retrieve a user profile. That profile is then used to generate Taskcluster credentials appropriate to the user. Note that the resulting credentials may or may not include a `certificate` property. Callers should be prepared for either alternative.

The given credentials will expire in a relatively short time. Callers should monitor this expiration and refresh the credentials if necessary, by calling this endpoint again, if they have expired.

See #oidcCredentials

func (*Login) Ping

func (login *Login) Ping() error

Respond without doing anything. This endpoint is used to check that the service is up.

See #ping

type TaskclusterCredentials

type TaskclusterCredentials struct {

	// Syntax:     ^[a-zA-Z0-9_-]{22,66}$
	AccessToken string `json:"accessToken"`

	Certificate string `json:"certificate,omitempty"`

	// Syntax:     ^[A-Za-z0-9!@/:.+|_-]+$
	ClientID string `json:"clientId"`

Taskcluster credentials. Note that the credentials may not contain a certificate!

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL