doc(csvauth): add programmatic usage docs#89
Open
coolaj86 wants to merge 51 commits into
Open
Conversation
Add a TokenCookies []string field checked after query params (step 5). Each named cookie's value is passed directly to Authenticator.Authenticate as a token, enabling cookie-based token flows alongside Bearer and query params. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Adds `sql-migrate sync` which outputs a shell script that refreshes the local migrations.log from the DB by running _migrations.sql. Uses `|| true` so a fresh DB with no _migrations table yields an empty log (all migrations pending) rather than an error. Usage: sql-migrate -d ./db/migrations sync | sh sql-migrate -d ./db/migrations up | sh
Go 1.23+ changed Windows target naming so x86_64 builds now carry a
micro-architecture suffix (e.g. _v2). Update the goreleaser YAML
generator and monorel's own .goreleaser.yaml to match:
- Remove windows from defaultGoos/almostAllGoos; emit a dedicated
<name>-windows build entry per binary. Windows is kept in a separate
build because it does not support ARM v6/v7, so it cannot share the
same goarch matrix as non-Windows builds.
- Add defaultWindowsGoarch [amd64, arm64] and almostAllWindowsGoarch
[386, amd64, arm64] for the Windows-specific architecture lists.
- Promote defaultGoamd64 from [v1, v2] to [v1, v2, v3, v4] so the
full amd64 micro-architecture matrix is always generated.
- Update the archive name_template to include
{{ if .Amd64 }}_{{ .Amd64 }}{{ end }} after x86_64.
- Include both <name> and <name>-windows in archive ids.
- Regenerate tools/monorel/.goreleaser.yaml and
cmd/sql-migrate/.goreleaser.yaml with the new format.
Scope must be a space-delimited string per RFC 6749 §3.3, not a JSON array. Adds [] and ["openid","profile"] cases to the existing invalid sub-test with a comment explaining the likely root cause: an issuer using []string instead of SpaceDelimited in its claims struct.
Document the API for creating credentials in code without a CSV file: - NewCredential params requirement (nil panics) - PurposeToken vs PurposeDefault lookup behavior - CacheCredential vs LoadCSV - Full test example for Bearer token auth
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
auth/csvauth/README.mdcovering how to use the package in tests and embedded apps without a CSV fileNewCredentialrequires a non-nilparamsslice specifying the algorithm (passing nil panics with index-out-of-range)PurposeToken("token"), notPurposeDefault("login") — login credentials are looked up by name only, so a token credential with purpose "login" will never be found byAuthenticate("", secret)CacheCredentialvsLoadCSVand include a complete test exampleTest plan