Crate cirrus_auth

Salesforce OAuth 2.0 authentication flows for the Cirrus SDK.

Salesforce supports several OAuth 2.0 flows, each producing the same two pieces of information: a bearer access token and an instance_url that becomes the base URL for subsequent REST calls. The rest of the SDK is flow-agnostic — it only needs an AuthSession that can hand over those two values on demand.

Implementations live in submodules (one per flow). They are responsible for their own token acquisition, refresh, and any caching. The trait method is async so an implementation may transparently refresh an expired token when called.

§Crate boundary

This crate is the canonical home of every auth flow used by the Cirrus SDK. It is re-exported as cirrus::auth so end users never depend on cirrus-auth directly — cirrus = "..." is enough. Other Cirrus subcrates (e.g. cirrus-metadata) that need an authenticated session depend on cirrus-auth so they don’t pull in the full REST client.

§Implementations

  • static_token — preset access token + instance URL. Useful for tests, scripts, or callers that have already obtained credentials by other means.
  • jwt — OAuth 2.0 JWT Bearer flow for server-to-server auth.
  • refresh — OAuth 2.0 Refresh Token grant. Long-lived sessions for any flow that produces a refresh token.
  • client_credentials — OAuth 2.0 Client Credentials grant for server-to-server integrations that run as a pre-configured user.
  • web_server — OAuth 2.0 Web Server flow with PKCE for user-interactive authorization. Yields a RefreshTokenAuth once the user comes back through the redirect URL.
  • token_exchange — OAuth 2.0 Token Exchange (RFC 8693), including Salesforce’s hybrid grant.

Flows Salesforce lists as legacy or deprecated are intentionally not supported.

Re-exports§

pub use client_credentials::ClientCredentialsAuth;
pub use client_credentials::ClientCredentialsAuthBuilder;
pub use jwt::JwtAuth;
pub use jwt::JwtAuthBuilder;
pub use refresh::RefreshTokenAuth;
pub use refresh::RefreshTokenAuthBuilder;
pub use static_token::StaticTokenAuth;
pub use token_exchange::SubjectTokenType;
pub use token_exchange::TokenExchangeFlow;
pub use token_exchange::TokenExchangeFlowBuilder;
pub use token_exchange::TokenExchangeGrantType;
pub use token_exchange::TokenExchangeSession;
pub use web_server::CompletedSession;
pub use web_server::PendingExchange;
pub use web_server::WebServerFlow;
pub use web_server::WebServerFlowBuilder;

Modules§

client_credentials
OAuth 2.0 Client Credentials grant for server-to-server integrations.
jwt
OAuth 2.0 JWT Bearer flow for Salesforce server-to-server auth.
refresh
OAuth 2.0 Refresh Token grant for long-lived Salesforce sessions.
static_token
Preset-credential auth: caller supplies a known-good access token and instance URL. No refresh, no negotiation.
token_exchange
OAuth 2.0 Token Exchange flow (RFC 8693) for trading an external identity provider’s token for a Salesforce access token.
web_server
OAuth 2.0 Web Server flow with PKCE for interactive (user-in-the-loop) auth.

Enums§

AuthError
Errors produced while acquiring or refreshing a Salesforce OAuth session.

Traits§

AuthSession
Abstraction over a Salesforce authentication session.

Type Aliases§

AuthResult
Specialized Result type for cirrus-auth operations.
SharedAuth
Arc<dyn AuthSession> — the shape stored inside the client.