pub struct FileTokenBroker { /* private fields */ }Implementations§
Source§impl FileTokenBroker
impl FileTokenBroker
pub fn new(root: impl Into<PathBuf>) -> Self
pub fn with_refresh_window(self, window: Duration) -> Self
pub fn refresh_window(&self) -> Duration
pub fn root(&self) -> &Path
Sourcepub async fn put(&self, bearer_id: &str, rec: FileTokenRecord) -> Result<()>
pub async fn put(&self, bearer_id: &str, rec: FileTokenRecord) -> Result<()>
Write (or overwrite) the three-file record for bearer_id.
Sourcepub async fn read_record(
&self,
bearer_id: &str,
) -> Result<Option<FileTokenRecord>>
pub async fn read_record( &self, bearer_id: &str, ) -> Result<Option<FileTokenRecord>>
Read the three-file record for bearer_id from disk. Does NOT
touch the in-memory cache; useful for verifying persisted state
in tests or for adopters that want to force a re-read.
Sourcepub async fn is_near_expiry(&self, bearer_id: &str) -> bool
pub async fn is_near_expiry(&self, bearer_id: &str) -> bool
Cache-only predicate. Returns true when the cached expires_at
for this bearer is <= now + refresh_window. Returns false if
the bearer is not in cache (the caller should resolve() first
to populate it, or treat unknown as “not near expiry”).
Sourcepub async fn lock_refresh(&self, bearer_id: &str) -> OwnedMutexGuard<()>
pub async fn lock_refresh(&self, bearer_id: &str) -> OwnedMutexGuard<()>
Acquire the per-bearer refresh mutex. Other concurrent acquirers
for the same bearer_id block until this guard drops; acquirers
for different bearers are unaffected. resolve() is NOT
gated on this lock — readers continue to serve pre-refresh
secrets.
Trait Implementations§
Source§impl TokenBroker for FileTokenBroker
impl TokenBroker for FileTokenBroker
Source§fn resolve<'a>(&'a self, caller_id: Option<&'a str>) -> ResolveFuture<'a>
fn resolve<'a>(&'a self, caller_id: Option<&'a str>) -> ResolveFuture<'a>
Resolve a secret bundle for the given caller. Read more
Source§fn accepted_token_formats(&self) -> &'static [&'static str]
fn accepted_token_formats(&self) -> &'static [&'static str]
Hint to the operator + diagnostics paths about which token
format(s) this broker accepts (e.g.
["ce-pairing-code"],
["jwt-rs256"], ["opaque"]). Listener does NOT route on this
— it is informational, surfaced through atd-ref-server --doctor
and the /initialize server-info echo. Default &[] means
“unspecified / introspect via try-resolve”. SP-token-broker-phase2
§4.2.Source§fn resolve_bearer<'a>(&'a self, _bearer: &'a str) -> ResolveBearerFuture<'a>
fn resolve_bearer<'a>(&'a self, _bearer: &'a str) -> ResolveBearerFuture<'a>
Resolve a bearer token (from an HTTP
Authorization: Bearer …
header) to a BearerIdentity. The HTTP listener calls this
once per request before dispatch (SP-streamable-http §4.3). Read moreAuto Trait Implementations§
impl !Freeze for FileTokenBroker
impl !RefUnwindSafe for FileTokenBroker
impl Send for FileTokenBroker
impl Sync for FileTokenBroker
impl Unpin for FileTokenBroker
impl UnsafeUnpin for FileTokenBroker
impl !UnwindSafe for FileTokenBroker
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more