pub fn maybe_decrypt(
value: Option<&str>,
encrypt: bool,
secret: &str,
) -> Result<Option<String>, AuthError>Expand description
Conditionally decrypt a token value. Returns the original value when encryption is disabled, or the decrypted value when enabled.
When encryption is enabled and decryption fails (e.g. because the token
was stored as plaintext before encryption was turned on), the original
value is returned as-is. This graceful fallback allows enabling
encrypt_oauth_tokens on an existing database without breaking reads
for previously stored plaintext tokens.