docs/auth-flows.md
Lines changed: 6 additions & 6 deletions
@@ -21,7 +21,7 @@ Pkg uses the following top-level key values pairs:
21
21
-`access_token` (REQUIRED): the bearer token used to authorize normal requests (string)
22
22
-`expires_at` (OPTIONAL): an absolute expiration time (seconds from UNIX epoch; integer)
23
23
-`expires_in` (OPTIONAL): a relative expiration time (seconds; integer)
24
-
-`refresh_url` (OPTIONAL): URL to fetch new a new token from (string)
24
+
-`refresh_url` (OPTIONAL): URL to fetch a new token from (string)
25
25
-`refresh_token` (OPTIONAL): bearer token used to authorize refresh requests (string)
26
26
27
27
The `auth.toml` file may contain other fields (e.g. a username, or user email), but they are ignored by Pkg.
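Review bot: The corrected `refresh_url` entry still describes the value only as a "URL to fetch a new token from", while the refresh section later in this file says Pkg refuses the request unless `refresh_url` is an HTTPS URL. State the constraint where the key is defined, for example "`refresh_url` (OPTIONAL): HTTPS URL to fetch a new token from (string)", so readers do not discover it only in the refresh section. The heading text carried in the hunk header also reads "key values pairs"; "key-value pairs" is worth fixing in the same pass.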
@@ -50,7 +50,7 @@ When the Pkg client downloads a new `auth.toml` file, if there is a relative `ex
50
50
This combination of policies allows expiration to work gracefully even in the presence of clock skew between the server and the client.
51
51
52
52
If the access token is expired and there are `refresh_token` and `refresh_url` fields in `auth.toml`, a new auth file is requested by making a request to `refresh_url` with an `Authorization: Bearer $refresh_token` header.
53
-
Pkg will refuse to make unless `refresh_url` is an HTTPS URL.
53
+
Pkg will refuse to make the refresh request unless `refresh_url` is an HTTPS URL.
54
54
55
55
Note that `refresh_url` need not be a URL on the Pkg server: token refresh can be handled by separate server.
56
56
If the request is successful and the returned `auth.toml` file is a well-formed TOML file with _at least_ an `access_token` field, it is saved to server directory, replacing the existing `auth.toml` file.
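Review bot: Two unchanged context lines in this hunk still drop an article: "token refresh can be handled by separate server" and "it is saved to server directory". Since this commit is a wording cleanup, fix them here as "by a separate server" and "to the server directory". Because the first of those lines allows `refresh_url` to point away from the Pkg server, it would also help to say explicitly that the refresh token is sent to whatever host `refresh_url` names, so the HTTPS requirement on the changed line reads as the protection for that token.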
@@ -91,11 +91,11 @@ The flow goes through the following steps:
91
91
92
92
The body of the request should be the challenge string (just plain bytes, not encoded as JSON or anything).
93
93
94
-
The server MUST responds with the status code `200` and a body containing the response URL fragment `response` (again, plain bytes, no encoding of any form).
94
+
The server MUST respond with the status code `200` and a body containing the response URL fragment `response` (again, plain bytes, no encoding of any form).
95
95
96
96
3. Opening the response URL fragment in the user's browser.
97
97
98
-
At this point, the user should open the following URL browser (that is logged into the package server) and approve the authentication request:
98
+
At this point, the user should open the following URL in a web browser (that is logged into the package server) and approve the authentication request:
99
99
100
100
```
101
101
$(pkg_server)/$(auth_suffix)/response?$(response)
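Review bot: Normative wording is inconsistent in this hunk: the corrected line uses "MUST respond", while the request-body context line above it says the body "should be the challenge string" in lowercase. If the plain-bytes body is a requirement, use the same uppercase keyword there; if it is only a recommendation, say so. In the second changed line, the parenthetical "(that is logged into the package server)" reads better inline, as "a web browser that is logged into the package server".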
@@ -107,7 +107,7 @@ The flow goes through the following steps:
107
107
108
108
4. Polling the package server's token claiming endpoint.
109
109
110
-
While waiting for the user the approve the authentication request in step (3), PkgAuthentication will poll the package server's token claiming endpoint.
110
+
While waiting for the user to approve the authentication request in step (3), PkgAuthentication will poll the package server's token claiming endpoint.
111
111
The polling is done by sending a POST request
112
112
113
113
```
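Review bot: The changed line and the step heading both say "token claiming endpoint" without naming it, and the path `/claimtoken` only appears in step 5. Name it on first use here, for example "the package server's token claiming endpoint (`/claimtoken`)". The context line "The polling is done by sending a POST request" also ends without punctuation before the fenced block; a trailing colon would fix that.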
@@ -139,4 +139,4 @@ The flow goes through the following steps:
139
139
5. Constructing the `auth.toml` file.
140
140
141
141
If PkgAuthentication successfully acquires a token from polling the `/claimtoken` endpoint, it will write the token to the `auth.toml` file.
142
-
If will write out all the keys and values of the `token` in the `auth.toml` file as TOML.
142
+
It will write out all the keys and values of the `token` in the `auth.toml` file as TOML.
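Review bot: On the corrected line, "write out all the keys and values of the `token` in the `auth.toml` file" reads as if the keys already live in the file; "to the `auth.toml` file" is what is meant. The line also largely repeats the sentence before it, so the two could be merged, for example "it will write all the keys and values of the `token` to the `auth.toml` file as TOML". Since every key the server returns is written out, a pointer back to the key list earlier in the file, which says other fields are ignored by Pkg, would make clear that extra keys are harmless.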