Trait TokenProvider

Source

pub trait TokenProvider: Send + Sync {
    // Required method
    fn token(&self) -> BoxFuture<'_, Result<String, Error>>;
}

Expand description

Provides an Authorization header value for each outgoing gRPC call.

Implement this trait to integrate with any auth source — static bearer token, HTTP Basic Auth, OAuth2, OIDC, service-account token rotation, etc.

§Contract

token must return the complete value to be set in the authorization gRPC metadata field, including the scheme prefix:

Bearer auth: "Bearer <token>"
Basic auth: "Basic <base64(user:pass)>"
No auth (unauthenticated clusters): "" — the client omits the header.

§Custom implementation

The future must be Send because the client may call it from any async task. Use Box::pin(async move { … }) to construct the return value:

use futures::future::BoxFuture;
use armada_client::{Error, TokenProvider};

struct MyTokenProvider;

impl TokenProvider for MyTokenProvider {
    fn token(&self) -> BoxFuture<'_, Result<String, Error>> {
        Box::pin(async move {
            // Fetch or refresh from your auth backend here.
            Ok("Bearer my-dynamic-token".to_string())
        })
    }
}

Return Error::auth to signal that token retrieval failed:

        Box::pin(async move {
            Err(Error::auth("token expired"))
        })

Required Methods§

Source

fn token(&self) -> BoxFuture<'_, Result<String, Error>>

Retrieve the current Authorization header value asynchronously.

Return the full scheme-prefixed value (e.g. "Bearer <token>") or an empty string to send no Authorization header. The client calls this before every RPC; implementations that cache tokens should handle expiry and refresh internally.