Skip to main content

Module token

Module token 

Source
Expand description

Action for dsp auth token.

Prints the resolved bearer token verbatim to stdout, bare — no envelope, no --format, no Renderer. This is the read-out counterpart to dsp auth set-token (which reads a JWT from stdin into the cache): today set-token writes a token in, and this command is the only way to read one back out for use in shell pipelines (export DSP_TOKEN=$(dsp auth token -s dev)).

No server round-trip is made — this is a pure cache/env inspection, like dsp auth status (see status.rs), from which the resolution and expiry logic below is lifted. Before printing, a local, best-effort expiry check is done: if the resolved token is locally detected as expired, or no token is cached for the server, the command returns Diagnostic::AuthRequired (exit 3, ADR-0012) instead of printing anything. This check is advisory only — the JWT signature is not verified (see crate::client::jwt) — so exit 0 means only “the token looks unexpired locally,” not “the server will accept it.” See ADR-0007 for the token-resolution/precedence model this command reuses unchanged.

Functions§

run
Print the resolved bearer token for cfg.server to stdout.