use crate::client::VtaClient;
use crate::credentials::CredentialBundle;
use crate::error::VtaError;
use super::VtaServiceConfig;
pub async fn authenticate(config: &VtaServiceConfig) -> Result<VtaClient, VtaError> {
let url_override = config.url_override.as_deref();
match VtaClient::from_credential(&config.credential, url_override).await {
Ok(client) => {
tracing::info!(
"Authenticated to VTA at '{}' (REST, auto-refresh enabled)",
client.base_url()
);
Ok(client)
}
Err(e) if e.is_network() => Err(e),
Err(e) => {
tracing::debug!("Lightweight VTA auth failed ({e}), trying session auth");
let credential = CredentialBundle::decode(&config.credential)?;
let vta_url = url_override
.or(credential.vta_url.as_deref())
.ok_or_else(|| {
VtaError::Validation("VTA URL not found in credential or url_override".into())
})?;
let token_result = crate::session::challenge_response(
vta_url,
&credential.did,
&credential.private_key_multibase,
&credential.vta_did,
)
.await?;
let client = VtaClient::new(vta_url);
client.set_token_async(token_result.access_token).await;
tracing::info!("Authenticated to VTA at '{vta_url}' (REST, session auth)");
Ok(client)
}
}
}