NewAuthProvider builds the right AuthProvider for cfg.Scheme. An empty or unrecognised scheme returns the no-op provider — operations against the spec will simply send unauthenticated requests, which is the correct behaviour for public APIs. The returned provider holds httpClient when it needs to m
(cfg AuthConfig, httpClient *http.Client)
| 37 | // requests (token exchange, oauth2 client_credentials). httpClient must |
| 38 | // not be nil for those schemes. |
| 39 | func NewAuthProvider(cfg AuthConfig, httpClient *http.Client) (AuthProvider, error) { |
| 40 | switch strings.ToLower(strings.TrimSpace(cfg.Scheme)) { |
| 41 | case "", "none": |
| 42 | return noopAuth{}, nil |
| 43 | case "bearer": |
| 44 | return &bearerAuth{cfg: cfg}, nil |
| 45 | case "basic": |
| 46 | return &basicAuth{cfg: cfg}, nil |
| 47 | case "api_key", "apikey": |
| 48 | return &apiKeyAuth{cfg: cfg}, nil |
| 49 | case "oauth2_client_credentials": |
| 50 | if httpClient == nil { |
| 51 | return nil, fmt.Errorf("openapi: oauth2_client_credentials requires an http client") |
| 52 | } |
| 53 | return &oauth2CCAuth{cfg: cfg, http: httpClient, tok: &cachedToken{}}, nil |
| 54 | case "token_exchange": |
| 55 | if httpClient == nil { |
| 56 | return nil, fmt.Errorf("openapi: token_exchange requires an http client") |
| 57 | } |
| 58 | return &tokenExchangeAuth{cfg: cfg, http: httpClient, tok: &cachedToken{}}, nil |
| 59 | default: |
| 60 | return nil, fmt.Errorf("openapi: unknown auth scheme %q", cfg.Scheme) |
| 61 | } |
| 62 | } |
| 63 | |
| 64 | // noopAuth is the auth provider used when no auth is configured. It |
| 65 | // exists primarily so the resolver doesn't need to nil-check provider |
no outgoing calls