Expand description
Shared Parslee OAuth2 PKCE + token/keychain logic.
Used by car-cli (car auth login parslee, loopback flow) and by
car-server (the auth.* JSON-RPC surface that CAR Host.app’s
signup GUI drives). The keychain keys + default service exactly
match what car-inference reads at request time
(PARSLEE_ACCESS_TOKEN, default "car" service) — see
car-inference remote.rs::lease_key.
Structs§
- Token
Set /connect/tokensuccess body.
Constants§
- DEFAULT_
API_ BASE - PARSLEE_
ACCESS_ TOKEN_ KEY - PARSLEE_
API_ BASE_ KEY - PARSLEE_
EXPIRES_ AT_ KEY - PARSLEE_
REFRESH_ TOKEN_ KEY
Functions§
- access_
token - Current access token (env override first, then keychain).
- api_
base - Resolve the API base: explicit override → stored → default.
- authorize_
url - Build the
/connect/authorizeURL the user opens in a browser. - clear_
tokens - Remove all stored Parslee credentials. Idempotent.
- exchange_
code - Exchange an authorization code + PKCE verifier for tokens.
- fetch_
status - Fetch the Parslee session JSON for the stored token. Returns the
raw response body (the caller renders it).
Ok(None)= not signed in. - new_
state - Opaque OAuth
statevalue (CSRF guard). - pkce_
challenge - PKCE S256 challenge for a verifier.
- pkce_
verifier - PKCE code verifier (URL-safe, no padding).
- store_
tokens - Persist a token set + the API base into the OS keychain (default
"car"service — the same placecar-inferencereads from).