Module auth 

Shared, connector-agnostic authentication abstraction.

Multiple connectors that authenticate against the same system (e.g. four matrix rows reading from one Snowflake account, or four endpoints of one REST API) can share a single AuthProvider. A provider is a live entity that owns the token cache and refresh lifecycle; connectors hold an Arc to it and ask for the current Credential per request, so N connectors share one token with single-flight refresh instead of racing to refresh it.

• Credential — a resolved credential (bearer token, header, basic auth).
• AuthProvider — an object-safe trait yielding credentials, with single-flight refresh implemented by the provider.
• AuthSpec — a connector config field that is either inline auth { type, config } or a { ref: <name> } pointer to a shared provider.

The HTTP-based provider implementations (OAuth2, token-endpoint) live in the separate faucet-auth crate so faucet-core stays free of an HTTP-client dependency.

Structs

AuthReference

A { ref: <name> } pointer to a named provider in the top-level auth: catalog. The only permitted key is ref.

Enums

AuthSpec

A connector’s auth: field: either an inline auth definition A (the { type, config } shape), or a { ref: <name> } reference to a shared provider defined in the top-level auth: catalog.

Credential

A resolved credential produced by an AuthProvider or built from inline auth config. Connectors map this onto their wire protocol (HTTP header, gRPC metadata, …).

Traits

AuthProvider

A live, shareable source of credentials.

Type Aliases

SharedAuthProvider

A shared AuthProvider handle. Cloning it shares the one live provider (and its single token cache) across connectors.