feat(oauth): Use keyring to store oauth token by burmudar · Pull Request #1228 · sourcegraph/src-cli
This was referenced
Dec 8, 2025
burmudar
marked this pull request as ready for review
- rename keyring to store - make keyring struct src-cli and set label on secret
- create token struct from TokenResponse - Token converts expiresIn to a timestamp - Store the token with the endpoint suffix - OAuth transport and use when available in api client
- Add secret store that supports different backends - We use a registry map for a few secrets and the registry gets persisted as one secret to the keyring. We don't waant to create a keyring secret for every different secret - Store is opened once to load the registry. - use secretStorage to store oauth tokens
- use token.ClientID during refresh - best effort store refresh token
handle oauth discovery failure and set client id on token - use SRC CLI client id as default and handle discovery failures - add clientID flag and set it on the token improve error message and panic in apiClient if no usable token - warn if we fail to store the token on login - panic if apiClient has no accessToken or OAuth token to use
- remove panic - use lib/errors from sg
- remove delete operation - remove store interface
- add mutex to guard concurrent changes of token - pull refreshing of token out into `refreshToken` - additional comments
burmudar added a commit that referenced this pull request
Mar 9, 2026
* add refresh to oauthdevice.Client * oauthdevice: add RefreshToken field and Refresh method * feat(oauth): Use keyring to store oauth token (#1228) * add refresh to oauthdevice.Client * add OAuth Transport and use it if no access token * secrets: switch to zalando/go-keyring and add context support * secrets: scope keyring by endpoint
burmudar added a commit that referenced this pull request
Mar 9, 2026
…Auth client (#1223) * removed unused func * add refresh token to device response unmarshall * make NewClient take ClientID as param * add oauth flow and use oauth token when SRC_ACCESS_TOKEN is empty * feat(oauth): Add refresh to oauthdevice.Client (#1227) * add refresh to oauthdevice.Client * oauthdevice: add RefreshToken field and Refresh method * feat(oauth): Use keyring to store oauth token (#1228) * add refresh to oauthdevice.Client * add OAuth Transport and use it if no access token * secrets: switch to zalando/go-keyring and add context support * secrets: scope keyring by endpoint
burmudar added a commit that referenced this pull request
Mar 23, 2026
…Auth client (#1223) * removed unused func * add refresh token to device response unmarshall * make NewClient take ClientID as param * add oauth flow and use oauth token when SRC_ACCESS_TOKEN is empty * feat(oauth): Add refresh to oauthdevice.Client (#1227) * add refresh to oauthdevice.Client * oauthdevice: add RefreshToken field and Refresh method * feat(oauth): Use keyring to store oauth token (#1228) * add refresh to oauthdevice.Client * add OAuth Transport and use it if no access token * secrets: switch to zalando/go-keyring and add context support * secrets: scope keyring by endpoint (cherry picked from commit 0bc535e)
burmudar added a commit that referenced this pull request
Mar 23, 2026
…Auth client (#1223) * removed unused func * add refresh token to device response unmarshall * make NewClient take ClientID as param * add oauth flow and use oauth token when SRC_ACCESS_TOKEN is empty * feat(oauth): Add refresh to oauthdevice.Client (#1227) * add refresh to oauthdevice.Client * oauthdevice: add RefreshToken field and Refresh method * feat(oauth): Use keyring to store oauth token (#1228) * add refresh to oauthdevice.Client * add OAuth Transport and use it if no access token * secrets: switch to zalando/go-keyring and add context support * secrets: scope keyring by endpoint (cherry picked from commit 0bc535e)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters