cirrus-auth 0.2.2

Salesforce OAuth 2.0 authentication flows for the Cirrus SDK.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

//! Preset-credential auth: caller supplies a known-good access token and
//! instance URL. No refresh, no negotiation.
//!
//! Useful for tests, short-lived scripts, or callers that have already
//! performed an OAuth flow out-of-band (e.g. via the `sfdx` CLI) and want to
//! reuse the resulting token. Real OAuth flows live in sibling modules.

use crate::AuthSession;
use crate::error::AuthResult;
use async_trait::async_trait;
use std::borrow::Cow;

/// Authentication backed by a fixed access token and instance URL.
///
/// Once the token expires, requests will start failing with a 401
/// `INVALID_SESSION_ID` from Salesforce. This type does not refresh;
/// pair it with a flow that does (or rebuild the client) to recover.
#[derive(Clone)]
pub struct StaticTokenAuth {
    access_token: String,
    instance_url: String,
}

impl std::fmt::Debug for StaticTokenAuth {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("StaticTokenAuth")
            .field("access_token", &"[redacted]")
            .field("instance_url", &self.instance_url)
            .finish()
    }
}

impl StaticTokenAuth {
    /// Constructs a session from a known token and instance URL.
    ///
    /// `instance_url` is normalized by trimming a trailing slash so that
    /// path concatenation in the client always produces clean URLs.
    ///
    /// Static-token auth doesn't refresh — when the token expires, calls
    /// will surface 401. Use for short-lived scripts, CLI tools, or
    /// tests where you've pasted a token from `sf org display`. For
    /// long-running services prefer [`JwtAuth`](crate::JwtAuth) or
    /// [`RefreshTokenAuth`](crate::RefreshTokenAuth).
    ///
    /// # Example
    ///
    /// ```
    /// use cirrus_auth::{AuthSession, StaticTokenAuth};
    /// use std::sync::Arc;
    ///
    /// let auth: Arc<dyn AuthSession> = Arc::new(StaticTokenAuth::new(
    ///     "00D...!AQ...",
    ///     "https://my-org.my.salesforce.com",
    /// ));
    /// assert_eq!(auth.instance_url(), "https://my-org.my.salesforce.com");
    /// ```
    pub fn new(access_token: impl Into<String>, instance_url: impl Into<String>) -> Self {
        let mut instance_url: String = instance_url.into();
        if instance_url.ends_with('/') {
            instance_url.pop();
        }
        Self {
            access_token: access_token.into(),
            instance_url,
        }
    }
}

#[async_trait]
impl AuthSession for StaticTokenAuth {
    async fn access_token(&self) -> AuthResult<Cow<'_, str>> {
        Ok(Cow::Borrowed(&self.access_token))
    }

    fn instance_url(&self) -> &str {
        &self.instance_url
    }
}

#[cfg(test)]
#[allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)]
mod tests {
    use super::*;

    #[tokio::test]
    async fn returns_provided_token_and_url() {
        let auth = StaticTokenAuth::new("tok", "https://example.my.salesforce.com");
        assert_eq!(auth.access_token().await.unwrap(), "tok");
        assert_eq!(auth.instance_url(), "https://example.my.salesforce.com");
    }

    #[tokio::test]
    async fn strips_trailing_slash_from_instance_url() {
        let auth = StaticTokenAuth::new("tok", "https://example.my.salesforce.com/");
        assert_eq!(auth.instance_url(), "https://example.my.salesforce.com");
    }
}