auth

Documentation

Index

• Constants
• func Equal(a, b *oauth2.Token) bool
• type DeviceCodePrompt
• type FileStorage
  • func NewFileAt(p string, key [KeySize]byte) (*FileStorage, error)
  • func (f *FileStorage) Load(ctx context.Context) (*oauth2.Token, error)
  • func (f *FileStorage) Store(ctx context.Context, tok *oauth2.Token) error
• type Storage
• type TokenSource
  • func ClientCredentialsFlow(cfg oauth2.Config, client *http.Client) TokenSource
  • func DeviceCodeFlow(cfg oauth2.Config, st Storage, client *http.Client, prompt DeviceCodePrompt) TokenSource

Constants

const KeySize = chacha20poly1305.KeySize

KeySize is the size of the key used to encrypt the token file.

Functions

func Equal

func Equal(a, b *oauth2.Token) bool

Equal compares two OAuth2 tokens by access token, refresh token, token type, and expiry.

Types

type DeviceCodePrompt

type DeviceCodePrompt func(userCode, verURI, verURIComplete string)

type FileStorage

type FileStorage struct {
	// contains filtered or unexported fields
}

FileStorage is an encrypted file storage for OAuth2 credentials.

func NewFileAt

func NewFileAt(p string, key [KeySize]byte) (*FileStorage, error)

NewFileAt creates a FileStorage at path p.

func (*FileStorage) Load

func (f *FileStorage) Load(ctx context.Context) (*oauth2.Token, error)

Load decrypts the token value. If there is no saved token, the result is nil, nil.

func (*FileStorage) Store

func (f *FileStorage) Store(ctx context.Context, tok *oauth2.Token) error

Store sets a new token value. If the token file contains data that is not a token encrypted with the key passed to NewFileAt, Store returns an error.

type Storage

type Storage interface {
	// Load returns the current token.
	// If the result is nil, the caller should acquire a new refresh token.
	Load(ctx context.Context) (*oauth2.Token, error)
	// Store sets a new token. If tok is nil, the storage should be cleared.
	Store(ctx context.Context, tok *oauth2.Token) error
}

Storage is a secure means to store OAuth2 tokens.

type TokenSource

type TokenSource interface {
	// Token retrieves a token value. This may trigger OAuth2 flows including
	// token refresh, device code flow, or authorization code grant flow.
	// The result is always non-nil if the error is nil.
	Token(ctx context.Context) (*oauth2.Token, error)
	// Refresh forces a refresh of the token if its current value is identical
	// to old in the sense of [Equal]. This may trigger OAuth2 flows.
	// The result is the refreshed token.
	// The requirement to provide the old token allows Refresh to be called
	// concurrently without flooding refresh requests.
	Refresh(ctx context.Context, old *oauth2.Token) (*oauth2.Token, error)
}

TokenSource is a source of OAuth2 access tokens. Its methods are safe to call concurrently.

func ClientCredentialsFlow

func ClientCredentialsFlow(cfg oauth2.Config, client *http.Client) TokenSource

ClientCredentialsFlow creates a TokenSource which retrieves tokens through the client credentials grant flow. If client is nil, http.DefaultClient is used instead. Note that the client credentials flow does not have refresh tokens, so the tokens are not stored across processes.

func DeviceCodeFlow

func DeviceCodeFlow(cfg oauth2.Config, st Storage, client *http.Client, prompt DeviceCodePrompt) TokenSource

DeviceCodeFlow creates a TokenSource which retrieves tokens through the device code flow. If client is nil, http.DefaultClient is used instead. prompt must be a function which prompts to navigate to the verification URI and enter the user code. It may be called concurrently at any time when a new refresh token is required.