Documentation
¶
Overview ¶
Package auth provides OAuth2 authentication flows for LLM providers.
Provider-specific OAuth configurations.
Index ¶
- Constants
- func DeviceAuth(ctx context.Context, cfg DeviceAuthConfig, callbacks *DeviceFlowCallbacks) (*credentials.OAuthToken, error)
- func GetTokenURL(provider string) string
- func RefreshToken(ctx context.Context, tokenURL, clientID string, token *credentials.OAuthToken) (*credentials.OAuthToken, error)
- func SupportsOAuth(provider string) bool
- type DeviceAuthConfig
- type DeviceCodeResponse
- type DeviceFlowCallbacks
- type TokenResponse
Constants ¶
const ( ProviderAnthropic = "anthropic" ProviderGitHubCopilot = "github-copilot" )
Provider constants
Variables ¶
This section is empty.
Functions ¶
func DeviceAuth ¶
func DeviceAuth(ctx context.Context, cfg DeviceAuthConfig, callbacks *DeviceFlowCallbacks) (*credentials.OAuthToken, error)
DeviceAuth performs the OAuth2 device authorization flow. Returns a token that can be stored in credentials.toml.
func GetTokenURL ¶
GetTokenURL returns the token endpoint for a provider (for refresh).
func RefreshToken ¶
func RefreshToken(ctx context.Context, tokenURL, clientID string, token *credentials.OAuthToken) (*credentials.OAuthToken, error)
RefreshToken refreshes an expired OAuth token.
func SupportsOAuth ¶
SupportsOAuth returns true if the provider supports OAuth authentication.
Types ¶
type DeviceAuthConfig ¶
type DeviceAuthConfig struct {
// Provider name (e.g., "anthropic", "github-copilot")
Provider string
// ClientID for the OAuth application
ClientID string
// DeviceAuthURL is the device authorization endpoint
DeviceAuthURL string
// TokenURL is the token endpoint
TokenURL string
// Scopes to request
Scopes []string
// PollInterval for token polling (default 5s)
PollInterval time.Duration
// Timeout for the entire flow (default 5 minutes)
Timeout time.Duration
}
DeviceAuthConfig configures the OAuth2 device authorization flow.
func AnthropicConfig ¶
func AnthropicConfig(clientID string) DeviceAuthConfig
AnthropicConfig returns the OAuth config for Anthropic Console. Note: Client ID should be registered with Anthropic.
func GetProviderConfig ¶
func GetProviderConfig(provider, clientID string) *DeviceAuthConfig
GetProviderConfig returns the OAuth config for a known provider. Returns nil if provider is not recognized.
func GitHubCopilotConfig ¶
func GitHubCopilotConfig(clientID string) DeviceAuthConfig
GitHubCopilotConfig returns the OAuth config for GitHub Copilot. Uses GitHub's device flow with Copilot scope.
type DeviceCodeResponse ¶
type DeviceCodeResponse struct {
DeviceCode string `json:"device_code"`
UserCode string `json:"user_code"`
VerificationURI string `json:"verification_uri"`
ExpiresIn int `json:"expires_in"`
Interval int `json:"interval"`
}
DeviceCodeResponse is returned from the device authorization endpoint.
type DeviceFlowCallbacks ¶
type DeviceFlowCallbacks struct {
// OnUserCode is called when the user code is available.
// Implementations should display the verification URL and code to the user.
OnUserCode func(verificationURI, userCode string)
// OnPollAttempt is called on each poll attempt (optional).
OnPollAttempt func(attempt int)
// OnSuccess is called when authentication succeeds (optional).
OnSuccess func()
}
DeviceFlowCallbacks allows customization of user interaction.
func DefaultCallbacks ¶
func DefaultCallbacks() *DeviceFlowCallbacks
DefaultCallbacks returns callbacks that print to stdout.
type TokenResponse ¶
type TokenResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"`
RefreshToken string `json:"refresh_token,omitempty"`
Scope string `json:"scope,omitempty"`
Error string `json:"error,omitempty"`
ErrorDesc string `json:"error_description,omitempty"`
}
TokenResponse is returned from the token endpoint.
Source Files