Crate faucet_auth

Expand description

Shared, single-flight authentication providers for faucet-stream.

These implement faucet_core::AuthProvider — a live entity that owns a token cache and refresh lifecycle. One instance, wrapped in an Arc, is shared across every connector that references it (via the CLI auth: catalog and auth: { ref }, or by a library caller cloning the Arc), so N connectors hitting one identity provider share a single token with single-flight refresh instead of racing.

Providers:

StaticProvider — a fixed, pre-minted credential.
OAuth2ClientCredentialsProvider — OAuth2 client_credentials grant.
OAuth2RefreshProvider — OAuth2 refresh_token grant with rotation capture (the headline: a single active access token + rotating refresh token, shared safely).
TokenEndpointProvider — fetch a token from an arbitrary HTTP endpoint and extract it via JSONPath.

build_provider constructs one from a { type, config } spec (the shape used by the CLI’s top-level auth: block).

Structs§

OAuth2ClientCredentialsProvider: OAuth2 client_credentials grant provider.
OAuth2RefreshProvider: OAuth2 refresh_token grant provider with refresh-token rotation capture.
StaticProvider: Returns a fixed Credential forever. Useful for pre-minted tokens whose lifetime exceeds the run, or for sharing one static bearer token across many connectors.
TokenEndpointProvider: Fetches a token from an arbitrary endpoint, extracts it via token_path (JSONPath), and caches it with optional expiry tracking. Single-flight refresh via an internal Mutex.

Constants§

DEFAULT_EXPIRY_RATIO: Default fraction of expires_in after which a token is proactively refreshed. A token with expires_in = 3600 is refreshed after 3240 s.

Functions§

build_provider: Build a shared AuthProvider from a { type, config } spec — the shape used by the CLI’s top-level auth: catalog.