Struct tame_oauth::token_cache::CachedTokenProvider

pub struct CachedTokenProvider<P> { /* private fields */ }

Wraps a TokenProvider in a cache, only invokes the inner TokenProvider if the token in cache is expired, or if it doesn’t exist.

Implementations

impl CachedTokenProvider<EndUserCredentialsInner>

pub fn new(info: EndUserCredentialsInfo) -> Self

impl CachedTokenProvider<MetadataServerProviderInner>

pub fn new(account_name: Option<String>) -> Self

impl CachedTokenProvider<ServiceAccountProviderInner>

pub fn new(info: ServiceAccountInfo) -> Result<Self, Error>

pub fn get_account_info(&self) -> &ServiceAccountInfo

Gets the ServiceAccountInfo this was created for

impl CachedTokenProvider<TokenProviderWrapperInner>

pub fn get_default_provider() -> Result<Option<Self>, Error>

Get a TokenProvider following the “Google Default Credentials” flow, in order:

• If the GOOGLE_APPLICATION_CREDENTIALS environment variable is set, use that as a path to a ServiceAccountInfo.

• Check for a gcloud’s Application Default Credentials for EndUserCredentials

• If we’re running on GCP, use the local metadata server.

• Otherwise, return None.

If it appears that a method is being used, but is actually invalid, eg GOOGLE_APPLICATION_CREDENTIALS is set but the file doesn’t exist or contains invalid JSON, an error is returned with the details

pub fn kind(&self) -> &'static str

Gets the kind of token provider

pub fn is_service_account_provider(&self) -> bool

pub fn is_metadata_server_provider(&self) -> bool

pub fn is_end_user_credentials_provider(&self) -> bool

impl<P> CachedTokenProvider<P>

pub fn wrap(token_provider: P) -> Self

Wraps a token provider with a cache

pub fn inner(&self) -> &P

Gets a reference to the wrapped (uncached) token provider

Trait Implementations

impl<P: Debug> Debug for CachedTokenProvider<P>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<P> IdTokenProvider for CachedTokenProvider<P>

where P: IdTokenProvider,

fn get_id_token(&self, audience: &str) -> Result<IdTokenOrRequest, Error>

Attempts to retrieve an id token that can be used when communicating via IAP etc.

fn get_id_token_with_access_token<S>( &self, audience: &str, response: AccessTokenResponse<S> ) -> Result<IdTokenRequest, Error>

where S: AsRef<[u8]>,

Some token sources require a access token to be used to generte a id token. If get_id_token returns a AccessTokenResponse, this method should be called.

fn parse_id_token_response<S>( &self, hash: u64, response: Response<S> ) -> Result<IdToken, Error>

where S: AsRef<[u8]>,

Once a IdTokenResponse has been received for an id token request, call this method to deserialize the token.

impl<P> TokenProvider for CachedTokenProvider<P>

where P: TokenProvider,

fn get_token_with_subject<'a, S, I, T>( &self, subject: Option<T>, scopes: I ) -> Result<TokenOrRequest, Error>

where S: AsRef<str> + 'a, I: IntoIterator<Item = &'a S> + Clone, T: Into<String>,

Like TokenProvider::get_token, but allows the JWT “subject” to be passed in.

fn parse_token_response<S>( &self, hash: u64, response: Response<S> ) -> Result<Token, Error>

where S: AsRef<[u8]>,

Once a response has been received for a token request, call this method to deserialize the token (and potentially store it in a local cache for reuse until it expires).

fn get_token<'a, S, I>(&self, scopes: I) -> Result<TokenOrRequest, Error>

where S: AsRef<str> + 'a, I: IntoIterator<Item = &'a S> + Clone,

Attempts to retrieve a token that can be used in an API request, if we haven’t already retrieved a token for the specified scopes, or the token has expired, an HTTP request is returned that can be used to retrieve a token.