Class SeclaiAuth
Credential chain resolver and SSO cache utilities.
Inherited Members
Namespace: Seclai
Assembly: Seclai.dll
Syntax
public static class SeclaiAuthFields
DefaultSsoClientId
Default SSO client ID (production public client). Override with SECLAI_SSO_CLIENT_ID or config file.
Declaration
public const string DefaultSsoClientId = "4bgf8v9qmc5puivbaqon9n5lmr"Field Value
| Type | Description |
|---|---|
| string |
DefaultSsoDomain
Default SSO domain (production Cognito). Override with SECLAI_SSO_DOMAIN or config file.
Declaration
public const string DefaultSsoDomain = "auth.seclai.com"Field Value
| Type | Description |
|---|---|
| string |
DefaultSsoRegion
Default SSO region. Override with SECLAI_SSO_REGION or config file.
Declaration
public const string DefaultSsoRegion = "us-west-2"Field Value
| Type | Description |
|---|---|
| string |
Methods
CacheFileName(string, string)
Computes the SHA-1 hex hash of "domain|clientId".
Declaration
public static string CacheFileName(string domain, string clientId)Parameters
| Type | Name | Description |
|---|---|---|
| string | domain | The Cognito domain. |
| string | clientId | The Cognito app client ID. |
Returns
| Type | Description |
|---|---|
| string | Hex-encoded SHA-1 hash string. |
DeleteSsoCache(string, SsoProfile)
Deletes a cached SSO token file.
Declaration
public static void DeleteSsoCache(string configDir, SsoProfile profile)Parameters
| Type | Name | Description |
|---|---|---|
| string | configDir | Resolved config directory path. |
| SsoProfile | profile | SSO profile used to derive the cache filename. |
IsTokenValid(SsoCacheEntry)
Checks if a cached token is still valid (with 30s buffer).
Declaration
public static bool IsTokenValid(SsoCacheEntry entry)Parameters
| Type | Name | Description |
|---|---|---|
| SsoCacheEntry | entry | The cached token entry to check. |
Returns
| Type | Description |
|---|---|
| bool |
|
LoadSsoProfile(string, string)
Loads an SSO profile from the config directory. Always returns a valid profile using built-in defaults and environment variable overrides (SECLAI_SSO_DOMAIN, SECLAI_SSO_CLIENT_ID, SECLAI_SSO_REGION).
Declaration
public static SsoProfile LoadSsoProfile(string configDir, string profileName)Parameters
| Type | Name | Description |
|---|---|---|
| string | configDir | Resolved config directory path. |
| string | profileName | Profile name ("default" or a named profile). |
Returns
| Type | Description |
|---|---|
| SsoProfile | The resolved profile with defaults applied. |
ParseIni(TextReader)
Parses an AWS-style INI config file into sections.
Declaration
public static Dictionary<string, Dictionary<string, string>> ParseIni(TextReader reader)Parameters
| Type | Name | Description |
|---|---|---|
| TextReader | reader | Text reader for the INI content. |
Returns
| Type | Description |
|---|---|
| Dictionary<string, Dictionary<string, string>> | Dictionary of section names to key-value pairs. |
ReadSsoCache(string, SsoProfile)
Reads a cached SSO token from disk.
Declaration
public static SsoCacheEntry? ReadSsoCache(string configDir, SsoProfile profile)Parameters
| Type | Name | Description |
|---|---|---|
| string | configDir | Resolved config directory path. |
| SsoProfile | profile | SSO profile used to derive the cache filename. |
Returns
| Type | Description |
|---|---|
| SsoCacheEntry | The cached entry, or |
RefreshTokenAsync(SsoProfile, string, HttpClient?, CancellationToken)
Refreshes an SSO token via the Cognito token endpoint.
Declaration
public static Task<SsoCacheEntry> RefreshTokenAsync(SsoProfile profile, string refreshToken, HttpClient? httpClient = null, CancellationToken cancellationToken = default)Parameters
| Type | Name | Description |
|---|---|---|
| SsoProfile | profile | SSO profile with Cognito domain and client ID. |
| string | refreshToken | The refresh token to exchange. |
| HttpClient | httpClient | Optional pre-configured HTTP client. |
| CancellationToken | cancellationToken | Cancellation token. |
Returns
| Type | Description |
|---|---|
| Task<SsoCacheEntry> | A fresh SsoCacheEntry with the new tokens. |
Exceptions
| Type | Condition |
|---|---|
| ConfigurationException | If the Cognito token endpoint returns a non-success status. |
WriteSsoCache(string, SsoProfile, SsoCacheEntry)
Writes a cache entry to disk, replacing any existing file.
Declaration
public static void WriteSsoCache(string configDir, SsoProfile profile, SsoCacheEntry entry)Parameters
| Type | Name | Description |
|---|---|---|
| string | configDir | Resolved config directory path. |
| SsoProfile | profile | SSO profile used to derive the cache filename. |
| SsoCacheEntry | entry | Token data to persist. |