Module encryption 

AES-256-GCM encryption utilities for OAuth tokens.

When AccountConfig::encrypt_oauth_tokens is true, access tokens, refresh tokens, and ID tokens are encrypted before being persisted and decrypted transparently on read.

Structs

EncryptedTokenSet

A set of OAuth tokens (access, refresh, id) after conditional encryption.

Functions

decrypt_token

Decrypt a base64-encoded nonce || ciphertext string using AES-256-GCM.

encrypt_token

Encrypt a plaintext string using AES-256-GCM.

encrypt_token_set

Read encrypt_oauth_tokens and secret from the auth context and conditionally encrypt a full set of OAuth tokens in one call.

maybe_decrypt

Conditionally decrypt a token value. Returns the original value when encryption is disabled, or the decrypted value when enabled.

maybe_encrypt

Conditionally encrypt a token value. Returns the original value when encryption is disabled, or the encrypted value when enabled.