go.bigb.es/go-bitwarden
Index
- type AuthClient
- func NewAuthClient(transport *Transport, device DeviceInfo, identityURL string) *AuthClient
- func (*AuthClient) GetAPIKey(ctx context.Context, email, password string) (clientID, clientSecret string, err error)
- func (*AuthClient) Login(ctx context.Context, email, password string) (*TokenResponse, *crypto.KeyChain, error)
- func (*AuthClient) LoginWithAPIKey(ctx context.Context, clientID, clientSecret, email, password string) (*TokenResponse, *crypto.KeyChain, error)
- func (*AuthClient) Prelogin(ctx context.Context, email string) (*PreloginResponse, error)
- func (*AuthClient) RefreshToken(ctx context.Context) error
- func (*AuthClient) Register(ctx context.Context, email, password, name string, cfg crypto.DeriveKeyConfig) error
- func (*AuthClient) SetTwoFactorProvider(p TwoFactorProvider)
- type DeviceInfo
- type ErrorModel
- type ErrorResponse
- type NotificationHandler
- type NotificationMessage
- type NotificationPayload
- type NotificationType
- const NotifAuthRequest
- const NotifAuthRequestResponse
- const NotifLogOut
- const NotifSyncCipherCreate
- const NotifSyncCipherDelete
- const NotifSyncCipherUpdate
- const NotifSyncCiphers
- const NotifSyncFolderCreate
- const NotifSyncFolderDelete
- const NotifSyncFolderUpdate
- const NotifSyncLoginDelete
- const NotifSyncOrgKeys
- const NotifSyncSendCreate
- const NotifSyncSendDelete
- const NotifSyncSendUpdate
- const NotifSyncSettings
- const NotifSyncVault
- type NotificationsClient
- type PreloginRequest
- type PreloginResponse
- type RegisterKeys
- type RegisterRequest
- type ServerError
- type SyncOrg
- type SyncProfile
- type SyncResponse
- type TokenResponse
- type Transport
- func NewTransport(baseURL string, httpClient *http.Client) *Transport
- func (*Transport) AccessToken(ctx context.Context) (string, error)
- func (*Transport) BaseURL() string
- func (*Transport) ClearTokens()
- func (*Transport) Delete(ctx context.Context, path string) ([]byte, error)
- func (*Transport) Get(ctx context.Context, path string, query url.Values) ([]byte, error)
- func (*Transport) Post(ctx context.Context, path string, body any) ([]byte, error)
- func (*Transport) PostForm(ctx context.Context, fullURL string, form url.Values) ([]byte, error)
- func (*Transport) PostFormNoAuth(ctx context.Context, fullURL string, form url.Values) ([]byte, error)
- func (*Transport) PostNoAuth(ctx context.Context, path string, body any) ([]byte, error)
- func (*Transport) Put(ctx context.Context, path string, body any) ([]byte, error)
- func (*Transport) SetRefreshFunc(fn func(ctx context.Context, refreshToken string) (*TokenResponse, error))
- func (*Transport) SetTokens(accessToken, refreshToken string, expiresIn int)
- type TwoFactorProvider
Types
// AuthClient handles authentication against the Bitwarden/Vaultwarden identity API.
// Construct it with NewAuthClient; none of its fields are exported.
type AuthClient struct {
	// contains filtered or unexported fields
}
func NewAuthClient(transport *Transport, device DeviceInfo, identityURL string) *AuthClient
NewAuthClient creates a new authentication client.
func (a *AuthClient) GetAPIKey(ctx context.Context, email, password string) (clientID, clientSecret string, err error)
GetAPIKey retrieves (or creates) an API key for the current user. Requires an authenticated session (access token set on transport).
func (a *AuthClient) Login(ctx context.Context, email, password string) (*TokenResponse, *crypto.KeyChain, error)
Login authenticates with email and master password, returning the token response. It also sets up the transport with the received tokens and configures token refresh.
func (a *AuthClient) LoginWithAPIKey(ctx context.Context, clientID, clientSecret, email, password string) (*TokenResponse, *crypto.KeyChain, error)
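LoginWithAPIKey authenticates using an API key (client_credentials grant). API keys bypass 2FA but do NOT return encryption keys — the master password is still required to derive the KeyChain for vault operations. Because the API key is accepted without a second factor, clientSecret needs the same protection as the master password.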
func (a *AuthClient) Prelogin(ctx context.Context, email string) (*PreloginResponse, error)
Prelogin retrieves KDF parameters for the given email.
func (a *AuthClient) RefreshToken(ctx context.Context) error
RefreshToken refreshes the access token using the stored refresh token.
func (a *AuthClient) Register(ctx context.Context, email, password, name string, cfg crypto.DeriveKeyConfig) error
Register creates a new account on the server.
func (a *AuthClient) SetTwoFactorProvider(p TwoFactorProvider)
SetTwoFactorProvider sets the 2FA callback.
// DeviceInfo describes the client device for token requests.
// DefaultDeviceInfo returns a ready-made value for a Go SDK client.
type DeviceInfo struct {
	// Name is the device name.
	Name string
	// Identifier identifies the device.
	// NOTE(review): presumably this should stay stable per installation so the
	// server can recognise the device across logins — confirm.
	Identifier string
	// Type is the numeric device type.
	Type int // 14 = CLI/SDK
}
DeviceInfo describes the client device for token requests.
func DefaultDeviceInfo() DeviceInfo
DefaultDeviceInfo returns sensible defaults for a Go SDK client.
// ErrorModel is the nested error object in server error responses.
// Both fields hold server-supplied text.
type ErrorModel struct {
	// Message is read from the "message" key.
	Message string `json:"message"`
	// Object is read from the "object" key.
	Object string `json:"object"`
}
ErrorModel is the nested error object in server error responses.
// ErrorResponse is the error format returned by the server API.
//
// Every field is text chosen by the server, so treat it as untrusted input
// before displaying it or writing it to logs.
type ErrorResponse struct {
	// Message is read from the "message" key.
	Message string `json:"message"`
	// Error and ErrorDescription use the snake_case keys "error" and
	// "error_description".
	// NOTE(review): these look like the OAuth2-style fields of the token
	// endpoint — confirm.
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
	// ValidationErrors maps a string key to a list of messages.
	// NOTE(review): presumably keyed by the name of the rejected field — confirm.
	ValidationErrors map[string][]string `json:"validationErrors,omitempty"`
	// ErrorModel is the nested error object; it is a pointer and is omitted
	// from JSON output when nil.
	ErrorModel *ErrorModel `json:"errorModel,omitempty"`
}
ErrorResponse is the error format returned by the server API.
// NotificationHandler is called when a notification is received.
// It is the callback passed to NewNotificationsClient.
// NOTE(review): NotificationsClient.Connect runs the connection in the
// background, so the handler is presumably invoked from a goroutine other than
// the caller's and should be safe for that — confirm.
type NotificationHandler func(msg NotificationMessage)
NotificationHandler is called when a notification is received.
// NotificationMessage is the decoded notification from the server.
// It is the value handed to a NotificationHandler.
type NotificationMessage struct {
	// Type is the kind of notification (one of the Notif* constants).
	Type NotificationType
	// ContextID is a string identifier carried with the notification.
	// NOTE(review): its meaning is not shown here — confirm against the decoder.
	ContextID string
	// Payload holds the notification's payload fields.
	Payload NotificationPayload
}
NotificationMessage is the decoded notification from the server.
// NotificationPayload holds the payload fields of a notification.
//
// All values arrive from the server. NOTE(review): which fields are populated
// presumably depends on the notification type — confirm.
type NotificationPayload struct {
	ID             string
	UserID         string
	OrganizationID string
	CollectionIDs  []string
	// RevisionDate and Date are kept as strings; this type does not parse
	// them into time values.
	RevisionDate string
	Date         string
}
NotificationPayload holds the payload fields of a notification.
// NotificationType represents the type of server notification.
// It is an int; the named values are the Notif* constants.
// NOTE(review): a value received from the server may fall outside the named
// constants, so handlers should presumably have a default case — confirm.
type NotificationType int
NotificationType represents the type of server notification.
// Notification type values.
//
// Each constant is given an explicit number rather than iota.
// NOTE(review): these are presumably the numeric codes the server sends, so
// they must not be renumbered or reordered — confirm.
//
// NOTE(review): NotifLogOut presumably means the session was ended remotely; a
// handler would normally respond by discarding stored tokens (see
// Transport.ClearTokens) — confirm.
const (
	NotifSyncCipherUpdate    NotificationType = 0
	NotifSyncCipherCreate    NotificationType = 1
	NotifSyncLoginDelete     NotificationType = 2
	NotifSyncFolderDelete    NotificationType = 3
	NotifSyncCiphers         NotificationType = 4
	NotifSyncVault           NotificationType = 5
	NotifSyncOrgKeys         NotificationType = 6
	NotifSyncFolderCreate    NotificationType = 7
	NotifSyncFolderUpdate    NotificationType = 8
	NotifSyncCipherDelete    NotificationType = 9
	NotifSyncSettings        NotificationType = 10
	NotifLogOut              NotificationType = 11
	NotifSyncSendCreate      NotificationType = 12
	NotifSyncSendUpdate      NotificationType = 13
	NotifSyncSendDelete      NotificationType = 14
	NotifAuthRequest         NotificationType = 15
	NotifAuthRequestResponse NotificationType = 16
)
// NotificationsClient manages a WebSocket connection to the notifications hub.
// Create it with NewNotificationsClient, start it with Connect, and stop it
// with Close; none of its fields are exported.
type NotificationsClient struct {
	// contains filtered or unexported fields
}
NotificationsClient manages a WebSocket connection to the notifications hub.
func NewNotificationsClient(transport *Transport, handler NotificationHandler) *NotificationsClient
NewNotificationsClient creates a new notifications client.
func (nc *NotificationsClient) Close() error
Close stops the WebSocket connection and waits for the background goroutine to exit.
func (nc *NotificationsClient) Connect(ctx context.Context) error
Connect starts the background WebSocket connection with automatic reconnection. The provided context controls the lifetime of the connection — cancel it to stop.
func (nc *NotificationsClient) SetLogger(l *log.Logger)
SetLogger sets a logger for debug output. By default, logging is disabled.
// PreloginRequest is the body for POST /identity/accounts/prelogin.
type PreloginRequest struct {
	// Email is the account address whose KDF parameters are requested;
	// it is sent under the "email" key.
	Email string `json:"email"`
}
PreloginRequest is the body for POST /identity/accounts/prelogin.
// PreloginResponse contains KDF parameters for a given email.
//
// The values are supplied by the server. NOTE(review): a client that derives
// keys from them should enforce its own minimum cost settings instead of
// accepting whatever the server returns — confirm that the caller does.
type PreloginResponse struct {
	// Kdf selects the key-derivation function.
	// NOTE(review): in the Bitwarden API 0 is PBKDF2-SHA256 and 1 is
	// Argon2id — confirm against crypto.DeriveKeyConfig.
	Kdf int `json:"kdf"`
	// KdfIterations is the iteration count.
	KdfIterations int `json:"kdfIterations"`
	// KdfMemory and KdfParallelism are omitted from JSON output when zero.
	// NOTE(review): presumably only meaningful for a memory-hard KDF — confirm.
	KdfMemory      int `json:"kdfMemory,omitempty"`
	KdfParallelism int `json:"kdfParallelism,omitempty"`
}
PreloginResponse contains KDF parameters for a given email.
// RegisterKeys contains the public/private key pair for registration.
type RegisterKeys struct {
	// PublicKey is sent under the "publicKey" key.
	PublicKey string `json:"publicKey"`
	// EncryptedPrivateKey is sent under the "encryptedPrivateKey" key.
	// NOTE(review): per the field name the private key is expected in encrypted
	// form; a plaintext private key should never be placed here — confirm how
	// the caller produces it.
	EncryptedPrivateKey string `json:"encryptedPrivateKey"`
}
RegisterKeys contains the public/private key pair for registration.
// RegisterRequest is the body for POST /identity/accounts/register.
type RegisterRequest struct {
	Name  string `json:"name"`
	Email string `json:"email"`
	// MasterPasswordHash carries a hash, not the master password itself.
	// NOTE(review): presumably derived client-side from the password and the
	// KDF settings below — confirm in AuthClient.Register.
	MasterPasswordHash string `json:"masterPasswordHash"`
	// MasterPasswordHint is a pointer without omitempty, so a nil hint is
	// encoded as JSON null rather than left out.
	MasterPasswordHint *string `json:"masterPasswordHint"`
	// Key is sent under the "key" key.
	// NOTE(review): presumably the account's wrapped encryption key — confirm.
	Key string `json:"key"`
	// Kdf, KdfIterations, KdfMemory and KdfParallelism describe the
	// key-derivation settings; the last two are omitted when zero.
	Kdf            int `json:"kdf"`
	KdfIterations  int `json:"kdfIterations"`
	KdfMemory      int `json:"kdfMemory,omitempty"`
	KdfParallelism int `json:"kdfParallelism,omitempty"`
	// Keys is the public/private key pair for the new account.
	Keys RegisterKeys `json:"keys"`
}
RegisterRequest is the body for POST /identity/accounts/register.
// ServerError represents an error response from the Bitwarden/Vaultwarden server.
// *ServerError has an Error method, so it can be returned as an error value.
type ServerError struct {
	// NOTE(review): presumably the HTTP status code of the response — confirm.
	StatusCode int
	// NOTE(review): presumably the message extracted from the response — confirm.
	Msg string
	// NOTE(review): presumably the unparsed response body. It is text chosen by
	// the server, so treat it as untrusted before showing or logging it — confirm.
	Raw string
}
ServerError represents an error response from the Bitwarden/Vaultwarden server.
func (e *ServerError) Error() string
// SyncOrg is an organization entry in the sync profile.
type SyncOrg struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	// Key is read from the "key" key.
	// NOTE(review): presumably the organization key as delivered to this user
	// (wrapped, not plaintext); handle it as key material and keep it out of
	// logs — confirm.
	Key string `json:"key"`
	// Status and Type are numeric codes; their meanings are not shown here.
	Status int `json:"status"`
	Type   int `json:"type"`
	// Enabled is read from the "enabled" key.
	Enabled bool `json:"enabled"`
}
SyncOrg is an organization entry in the sync profile.
// SyncProfile is the profile section of the sync response.
type SyncProfile struct {
	ID    string `json:"id"`
	Email string `json:"email"`
	Name  string `json:"name"`
	// Organizations lists the organization entries returned with the profile.
	Organizations []SyncOrg `json:"organizations"`
}
SyncProfile is the profile section of the sync response.
// SyncResponse is the response from GET /api/sync.
//
// Only Profile is decoded into a typed struct. The other sections are kept as
// json.RawMessage, so each element is still raw JSON that the caller decodes
// later.
type SyncResponse struct {
	Profile     SyncProfile       `json:"profile"`
	Folders     []json.RawMessage `json:"folders"`
	Ciphers     []json.RawMessage `json:"ciphers"`
	Collections []json.RawMessage `json:"collections"`
	Sends       []json.RawMessage `json:"sends"`
}
SyncResponse is the response from GET /api/sync.
// TokenResponse is the response from POST /identity/connect/token.
//
// AccessToken and RefreshToken are credentials, and Key/PrivateKey carry key
// material, so avoid printing or logging the whole struct (for example with %+v).
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	// NOTE(review): presumably the access token lifetime in seconds — confirm.
	ExpiresIn int    `json:"expires_in"`
	TokenType string `json:"token_type"`

	// Encryption keys — only present on password grant (not refresh).
	// NOTE(review): presumably still in the wrapped form stored by the
	// server — confirm.
	Key        string `json:"Key"`
	PrivateKey string `json:"PrivateKey"`

	// 2FA challenge fields — present when HTTP 400 + 2FA required.
	TwoFactorProviders2 map[string]map[string]any `json:"TwoFactorProviders2,omitempty"`
}
TokenResponse is the response from POST /identity/connect/token.
// Transport provides authenticated HTTP access to the Bitwarden/Vaultwarden server API.
// Create it with NewTransport. Tokens are managed through SetTokens,
// ClearTokens and SetRefreshFunc; none of its fields are exported.
type Transport struct {
	// contains filtered or unexported fields
}
Transport provides authenticated HTTP access to the Bitwarden/Vaultwarden server API.
func NewTransport(baseURL string, httpClient *http.Client) *Transport
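NewTransport creates a new transport for baseURL that sends its requests through httpClient. It holds no tokens until SetTokens is called or a login stores them. Requests presumably inherit httpClient's TLS and timeout settings, so configure those on the client before passing it in.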
func (t *Transport) AccessToken(ctx context.Context) (string, error)
AccessToken returns the current access token, refreshing if expired.
func (t *Transport) BaseURL() string
BaseURL returns the configured base URL.
func (t *Transport) ClearTokens()
ClearTokens removes all stored tokens.
func (t *Transport) Delete(ctx context.Context, path string) ([]byte, error)
Delete performs an authenticated DELETE request.
func (t *Transport) Get(ctx context.Context, path string, query url.Values) ([]byte, error)
Get performs an authenticated GET request.
func (t *Transport) Post(ctx context.Context, path string, body any) ([]byte, error)
Post performs an authenticated POST request with a JSON body.
func (t *Transport) PostForm(ctx context.Context, fullURL string, form url.Values) ([]byte, error)
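PostForm performs an authenticated POST request with a form-encoded body. Used for the token endpoint. Unlike Get, Post, Put and Delete it takes a full URL rather than a path, so the access token presumably goes to whatever host fullURL names; pass only the configured identity URL.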
func (t *Transport) PostFormNoAuth(ctx context.Context, fullURL string, form url.Values) ([]byte, error)
PostFormNoAuth performs an unauthenticated POST request with a form-encoded body.
func (t *Transport) PostNoAuth(ctx context.Context, path string, body any) ([]byte, error)
PostNoAuth performs an unauthenticated POST request with a JSON body.
func (t *Transport) Put(ctx context.Context, path string, body any) ([]byte, error)
Put performs an authenticated PUT request with a JSON body.
func (t *Transport) SetRefreshFunc(fn func(ctx context.Context, refreshToken string) (*TokenResponse, error))
SetRefreshFunc sets the callback used to refresh expired tokens.
// TwoFactorProvider is called when the server requires 2FA during login.
// Register an implementation with AuthClient.SetTwoFactorProvider.
type TwoFactorProvider interface {
	// ProvideTwoFactor is called with the available 2FA provider types and their params.
	// It should return the chosen provider type, the token/code, and whether to remember.
	//
	// NOTE(review): providers has the same type as
	// TokenResponse.TwoFactorProviders2, so it is presumably the server's
	// challenge passed through unchanged — confirm.
	// The returned token is a secret; implementations should not log it.
	ProvideTwoFactor(ctx context.Context, providers map[string]map[string]any) (providerType int, token string, remember bool, err error)
}
TwoFactorProvider is called when the server requires 2FA during login.
AuthClient handles authentication against the Bitwarden/Vaultwarden identity API.