package schemas
import (
"context"
"time"
)
// OAuth2Provider defines the OAuth 2.0 operations the gateway depends on. The first
// group is server-level and keyed by oauth_config_id; the second group is per-user
// and keyed by a session token or by a caller identity. Implementations live elsewhere.
type OAuth2Provider interface {
	// GetAccessToken retrieves the access token for a given oauth_config_id (server-level OAuth).
	GetAccessToken(ctx context.Context, oauthConfigID string) (string, error)

	// RefreshAccessToken refreshes the access token for a given oauth_config_id.
	RefreshAccessToken(ctx context.Context, oauthConfigID string) error

	// ValidateToken checks if the token is still valid.
	ValidateToken(ctx context.Context, oauthConfigID string) (bool, error)

	// RevokeToken revokes the OAuth token.
	RevokeToken(ctx context.Context, oauthConfigID string) error

	// Per-user OAuth methods

	// GetUserAccessToken retrieves the access token for a per-user OAuth session.
	// If the token is expired, it automatically attempts a refresh.
	// sessionToken is the value returned by CompleteUserOAuthFlow and acts as a bearer
	// credential for the session, so it should be handled like a secret (not logged).
	GetUserAccessToken(ctx context.Context, sessionToken string) (string, error)

	// GetUserAccessTokenByIdentity retrieves the upstream access token for a user
	// identified by virtualKeyID, userID, or sessionToken (fallback), for a specific
	// MCP client. Tokens looked up by identity persist across sessions.
	// NOTE(review): virtualKeyID and userID select whose token is returned, so they
	// need to originate from an authenticated caller context rather than from
	// request input — confirm at the call sites.
	GetUserAccessTokenByIdentity(ctx context.Context, virtualKeyID, userID, sessionToken, mcpClientID string) (string, error)

	// InitiateUserOAuthFlow creates a per-user OAuth session and returns the authorization URL.
	// Returns (flow initiation details, session ID for polling, error).
	// NOTE(review): presumably redirectURI is checked against the configured
	// redirect_uri before it is placed in the authorization URL — verify in the implementation.
	InitiateUserOAuthFlow(ctx context.Context, oauthConfigID string, mcpClientID string, redirectURI string) (*OAuth2FlowInitiation, string, error)

	// CompleteUserOAuthFlow handles the OAuth callback for a per-user flow.
	// Returns the session token that the user should send on subsequent requests.
	// state is the value handed out by InitiateUserOAuthFlow (OAuth2FlowInitiation.State)
	// and is what binds the callback to the pending flow; implementations are expected
	// to reject unknown or already-consumed state values — confirm.
	CompleteUserOAuthFlow(ctx context.Context, state string, code string) (string, error)

	// RefreshUserAccessToken refreshes a per-user OAuth access token.
	RefreshUserAccessToken(ctx context.Context, sessionToken string) error

	// RevokeUserToken revokes a per-user OAuth token and marks the session as revoked.
	RevokeUserToken(ctx context.Context, sessionToken string) error
}
// OAuth2Config represents OAuth client configuration for one upstream server.
// Most endpoint fields are optional and are discovered from ServerURL when empty.
type OAuth2Config struct {
	ID       string `json:"id"`
	ClientID string `json:"client_id,omitempty"` // Optional: Will be obtained via dynamic registration (RFC 7591) if not provided
	// ClientSecret is a credential. It carries a json tag, so it is emitted whenever this
	// struct is marshaled; anything that logs or returns an OAuth2Config should redact it.
	ClientSecret string `json:"client_secret,omitempty"` // Optional: For public clients using PKCE, or obtained via dynamic registration
	AuthorizeURL string `json:"authorize_url,omitempty"` // Optional: Will be discovered from ServerURL if not provided
	TokenURL     string `json:"token_url,omitempty"`     // Optional: Will be discovered from ServerURL if not provided
	// RegistrationURL is a pointer unlike the other URL fields — presumably to distinguish
	// "not set" from an empty string; confirm against the code that reads it.
	RegistrationURL *string  `json:"registration_url,omitempty"` // Optional: For dynamic client registration (RFC 7591), can be discovered
	RedirectURI     string   `json:"redirect_uri"`               // Required
	Scopes          []string `json:"scopes,omitempty"`           // Optional: Can be discovered
	ServerURL       string   `json:"server_url"`                 // MCP server URL for OAuth discovery (required if URLs not provided)
	UseDiscovery    bool     `json:"use_discovery,omitempty"`    // Deprecated: Discovery now happens automatically when URLs are missing
}
// OAuth2Token represents OAuth access and refresh tokens as stored by the gateway.
// AccessToken and RefreshToken are secrets and have no omitempty, so a marshaled
// OAuth2Token always contains them; redact before logging or exposing.
type OAuth2Token struct {
	ID           string    `json:"id"`
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token"`
	TokenType    string    `json:"token_type"`
	ExpiresAt    time.Time `json:"expires_at"` // absolute expiry; how it is derived from expires_in is outside this file
	Scopes       []string  `json:"scopes"`
	// LastRefreshedAt is nil until a refresh has happened (pointer + omitempty).
	LastRefreshedAt *time.Time `json:"last_refreshed_at,omitempty"`
}
// OAuth2FlowInitiation represents the response when initiating an OAuth flow
// (the first return value of OAuth2Provider.InitiateUserOAuthFlow).
type OAuth2FlowInitiation struct {
	OauthConfigID string `json:"oauth_config_id"`
	AuthorizeURL  string `json:"authorize_url"`
	// State is the opaque value the authorization server echoes back on the callback;
	// presumably it is the same value CompleteUserOAuthFlow receives as its state
	// argument — confirm. It should be unguessable and single-use.
	State     string    `json:"state"`
	ExpiresAt time.Time `json:"expires_at"` // when the pending flow stops being accepted
}
// OAuth2TokenExchangeRequest represents the OAuth token exchange request sent to the
// token endpoint for the authorization_code and refresh_token grants.
// NOTE(review): the struct only carries json tags, but RFC 6749 §4.1.3 requires the
// token request body to be application/x-www-form-urlencoded — confirm how this is
// serialized on the wire.
type OAuth2TokenExchangeRequest struct {
	GrantType    string `json:"grant_type"`
	Code         string `json:"code,omitempty"`          // authorization_code grant only
	RedirectURI  string `json:"redirect_uri,omitempty"`  // must match the redirect_uri used in the authorization request
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret,omitempty"` // empty for public (PKCE) clients; a secret otherwise
	RefreshToken string `json:"refresh_token,omitempty"` // refresh_token grant only; a secret
	CodeVerifier string `json:"code_verifier,omitempty"` // PKCE verifier for authorization_code grant
}
// OAuth2TokenExchangeResponse represents the OAuth token exchange response returned by
// the token endpoint (RFC 6749 §5.1). AccessToken and RefreshToken are secrets.
type OAuth2TokenExchangeResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token,omitempty"` // absent when the server does not issue one
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"` // lifetime in seconds per RFC 6749; zero if the server omits it
	Scope        string `json:"scope,omitempty"` // space-delimited; may differ from the requested scopes
}