Skip to main content

TokenCredential

Trait TokenCredential 

Source
pub trait TokenCredential: Send + Sync {
    // Required method
    fn get_token<'life0, 'async_trait>(
        &'life0 self,
    ) -> Pin<Box<dyn Future<Output = Result<String>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;

    // Provided method
    fn get_token_for_scope<'life0, 'life1, 'async_trait>(
        &'life0 self,
        _scope: &'life1 str,
    ) -> Pin<Box<dyn Future<Output = Result<String>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait { ... }
}
Expand description

Supplies bearer tokens for Microsoft Entra ID authentication.

Implement this to integrate a real credential chain (e.g. the AzureCliCredential, ClientSecretCredential, ManagedIdentityCredential, and ChainedTokenCredential that ship with this crate); StaticTokenCredential is provided for a fixed/pre-fetched token (useful in tests, short-lived scripts, or when the caller manages token refresh externally).

Most credentials are bound to a single configured scope (audience) and get_token fetches a token for it. A caller that needs a token for a different scope from the same credential uses get_token_for_scope; the default implementation ignores the scope and delegates to get_token, which is correct for fixed-token credentials but is overridden by the real credentials so each scope is fetched (and cached) independently.

Required Methods§

Source

fn get_token<'life0, 'async_trait>( &'life0 self, ) -> Pin<Box<dyn Future<Output = Result<String>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Fetch a bearer token to send as Authorization: Bearer <token>.

Provided Methods§

Source

fn get_token_for_scope<'life0, 'life1, 'async_trait>( &'life0 self, _scope: &'life1 str, ) -> Pin<Box<dyn Future<Output = Result<String>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Fetch a bearer token for a specific scope (audience), e.g. "https://ai.azure.com/.default".

The default implementation ignores scope and delegates to get_token — appropriate for credentials that wrap a single fixed token. Credentials that mint tokens per audience override this to honor the requested scope.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§