store token in keyring

Author: burmudar

cmd/src/login.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"encoding/json"
 	"flag"
 	"fmt"
 	"io"
@@ -11,7 +12,10 @@ import (
 
 	"github.com/sourcegraph/src-cli/internal/api"
 	"github.com/sourcegraph/src-cli/internal/cmderrors"
+	"github.com/sourcegraph/src-cli/internal/keyring"
 	"github.com/sourcegraph/src-cli/internal/oauthdevice"
+
+	"github.com/sourcegraph/sourcegraph/lib/errors"
 )
 
 func init() {
@@ -125,16 +129,26 @@ func loginCmd(ctx context.Context, p loginParams) error {
 	noToken := cfg.AccessToken == ""
 	endpointConflict := endpointArg != cfg.Endpoint
 
+	secretStore, err := keyring.Open()
+	if err != nil {
+		printProblem(fmt.Sprintf("could not open keyring for secret storage: %s", err))
+	}
+
+	cfg.Endpoint = endpointArg
+
 	if p.useDeviceFlow {
-		token, err := runDeviceFlow(ctx, endpointArg, out, p.deviceFlowClient)
+		resp, err := runDeviceFlow(ctx, endpointArg, out, p.deviceFlowClient)
 		if err != nil {
 			printProblem(fmt.Sprintf("Device flow authentication failed: %s", err))
 			fmt.Fprintln(out, createAccessTokenMessage)
 			return cmderrors.ExitCode1
 		}
 
-		cfg.AccessToken = token
-		cfg.Endpoint = endpointArg
+		if err := oauthdevice.StoreToken(secretStore, &resp.Token); err != nil {
+			printProblem(fmt.Sprintf("Failed to store token in keyring store: %s", err))
+			return cmderrors.ExitCode1
+		}
+
 		client = cfg.apiClient(p.apiFlags, out)
 	} else if noToken || endpointConflict {
 		fmt.Fprintln(out)
@@ -184,10 +198,13 @@ func loginCmd(ctx context.Context, p loginParams) error {
 	return nil
 }
 
-func runDeviceFlow(ctx context.Context, endpoint string, out io.Writer, client oauthdevice.Client) (string, error) {
+func storeToken(store *keyring.Store, token *oauthdevice.Token) error {
+}
+
+func runDeviceFlow(ctx context.Context, endpoint string, out io.Writer, client oauthdevice.Client) (*oauthdevice.TokenResponse, error) {
 	authResp, err := client.Start(ctx, endpoint, nil)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	fmt.Fprintln(out)
@@ -207,8 +224,8 @@ func runDeviceFlow(ctx context.Context, endpoint string, out io.Writer, client o
 
 	tokenResp, err := client.Poll(ctx, endpoint, authResp.DeviceCode, interval, authResp.ExpiresIn)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
-	return tokenResp.AccessToken, nil
+	return tokenResp, nil
 }

internal/keyring/keyring.go

@@ -6,11 +6,7 @@ import (
 	"github.com/sourcegraph/sourcegraph/lib/errors"
 )
 
-const (
-	serviceName = "sourcegraph-cli"
-
-	KeyOAuth = "oauth"
-)
+const serviceName = "sourcegraph-cli"
 
 // Store provides secure credential storage operations.
 type Store struct {

internal/oauthdevice/device_flow.go

@@ -13,6 +13,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/sourcegraph/src-cli/internal/keyring"
+
 	"github.com/sourcegraph/sourcegraph/lib/errors"
 )
 
@@ -23,6 +25,9 @@ const (
 	// wellKnownPath is the path on the sourcegraph server where clients can discover OAuth configuration
 	wellKnownPath = "/.well-known/openid-configuration"
 
+	// Key used to store the token in the store
+	KeyOAuth = "oauth"
+
 	GrantTypeDeviceCode string = "urn:ietf:params:oauth:grant-type:device_code"
 
 	ScopeOpenID        string = "openid"
@@ -364,3 +369,26 @@ func (c *httpClient) Refresh(ctx context.Context, endpoint, refreshToken string)
 	return &tokenResp, nil
 }
 
+func StoreToken(store *keyring.Store, token *Token) error {
+	data, err := json.Marshal(token)
+	if err != nil {
+		return errors.Wrap(err, "failed to marshal token")
+	}
+
+	// TODO(burmudar): do we need a suffix that is the endpoint? ex. oauth-sourcegraph.com
+	return store.Set(KeyOAuth, data)
+}
+
+func LoadToken(store *keyring.Store) (*Token, error) {
+	var t Token
+	data, err := store.Get(KeyOAuth)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to get token from store")
+	}
+
+	if err := json.Unmarshal(data, &t); err != nil {
+		return nil, errors.Wrap(err, "failed to unmarshall token")
+	}
+
+	return &t, nil
+}