Documentation
Overview
Package auth implements JWT token management for CAPRF communication.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type TokenManager
type TokenManager struct {
	// contains filtered or unexported fields
}
TokenManager handles JWT acquisition, renewal, and failure recovery.
func NewTokenManager
func NewTokenManager(tokenURL, bootstrapToken string, log *slog.Logger) (*TokenManager, error)
NewTokenManager creates a token manager with an initial bootstrap token. The tokenURL must use HTTPS unless it targets localhost for testing.
func (*TokenManager) Acquire
func (tm *TokenManager) Acquire(ctx context.Context, serial, bmcMAC string) error
Acquire exchanges the bootstrap token for a JWT from the token endpoint.
func (*TokenManager) SetAlgorithm
func (tm *TokenManager) SetAlgorithm(alg string)
SetAlgorithm configures the token algorithm (e.g. RS256, ES256) sent in requests. Must be called before Acquire or StartRenewal.
func (*TokenManager) SetOnFatal
func (tm *TokenManager) SetOnFatal(fn func())
SetOnFatal sets the callback invoked when token renewal is permanently exhausted. Must be called before StartRenewal.
func (*TokenManager) StartRenewal
func (tm *TokenManager) StartRenewal(ctx context.Context) error
StartRenewal begins the background renewal goroutine. Renews at 80% of token lifetime. Must be called after a successful Acquire. Idempotent: subsequent calls after the first are a no-op.
func (*TokenManager) Token
func (tm *TokenManager) Token() string
Token returns the current token for use in Authorization headers.
type TokenResponse
type TokenResponse struct {
	AccessToken  string `json:"access_token"`            //nolint:gosec // G101: struct field for token endpoint response, not a hardcoded credential
	RefreshToken string `json:"refresh_token,omitempty"` //nolint:gosec // G101: struct field for token endpoint response, not a hardcoded credential
	ExpiresIn    int    `json:"expires_in"`
	TokenType    string `json:"token_type"`
}
TokenResponse represents the server's token endpoint response.