Struct DataCloudToken 

pub struct DataCloudToken { /* private fields */ }

Data Cloud JWT (DC JWT) for Hyper gRPC authentication.

Obtained by exchanging an OAuth Access Token at /services/a360/token. Sent as the Authorization: Bearer <jwt> header with every gRPC call to the Hyper query engine.

The DC JWT has a ~2-hour lifetime (exp claim), but is proactively refreshed much earlier (every ~15 minutes by default) so that the underlying OAuth Access Token is revalidated before Salesforce’s server-side inactivity timeout can invalidate it.

Implementations

impl DataCloudToken

pub fn from_response( response: DataCloudTokenResponse, ) -> SalesforceAuthResult<Self>

Creates a DC JWT from a /services/a360/token response.

Errors

• Returns SalesforceAuthError::Authorization if response carries both error and error_description fields.
• Returns SalesforceAuthError::TokenParse if response.access_token is empty, or if response.instance_url cannot be parsed as a URL (after prepending https:// when the scheme is missing).

pub fn bearer_token(&self) -> String

Returns the bearer token string for the Authorization header.

Format: "Bearer <dc_jwt>"

pub fn access_token(&self) -> &str

Returns just the DC JWT value (without the type prefix).

pub fn token_type(&self) -> &str

Returns the token type (e.g., “Bearer”).

pub fn tenant_url(&self) -> &Url

Returns the Data Cloud tenant URL.

pub fn tenant_url_str(&self) -> &str

Returns the tenant URL as a string (for the audience gRPC header).

pub fn created_at(&self) -> DateTime<Utc>

Returns when this DC JWT was obtained.

pub fn expires_at(&self) -> DateTime<Utc>

Returns the DC JWT expiration time.

pub fn age(&self) -> Duration

Returns the age of this DC JWT (time since it was obtained).

pub fn remaining_lifetime(&self) -> Duration

Returns the remaining lifetime of this DC JWT.

pub fn is_valid(&self) -> bool

Checks if the DC JWT is still valid (not expired).

Returns true if the DC JWT has at least 300 seconds (5 minutes) of remaining lifetime. This buffer ensures callers never use a DC JWT that is about to expire.

pub fn is_expired(&self) -> bool

Checks if the DC JWT is expired.

pub fn needs_refresh(&self, threshold_secs: i64, max_age_secs: i64) -> bool

Checks if the DC JWT should be proactively refreshed.

Mirrors the C++ IsDCJWTExpiringSoon logic: returns true when either the DC JWT is near its hard expiry OR it has exceeded the maximum age. This ensures:

• The OAuth Access Token is revalidated regularly (catching server-side inactivity timeouts)
• The DC JWT is replaced well before its ~2-hour hard expiry

Arguments

• threshold_secs - Refresh when the DC JWT has fewer than this many seconds remaining (default: 300 = 5 minutes)
• max_age_secs - Refresh when the DC JWT is older than this many seconds (default: 900 = 15 minutes)

pub fn tenant_id(&self) -> SalesforceAuthResult<String>

Extracts the tenant ID from the DC JWT payload.

The tenant ID is stored in the audienceTenantId claim of the JWT.

Errors

Returns SalesforceAuthError::TokenParse if:

• The JWT does not have exactly three dot-separated parts.
• The payload segment is not valid base64url (via base64_url_decode).
• The decoded payload is not valid JSON (via the From conversion from serde_json::Error).
• The payload object is missing a string-valued audienceTenantId claim.

pub fn lakehouse_name( &self, dataspace: Option<&str>, ) -> SalesforceAuthResult<String>

Returns the lakehouse name for Hyper connection.

Format: "lakehouse:<tenant_id>;<dataspace>"

Errors

Propagates any SalesforceAuthError::TokenParse from Self::tenant_id (malformed JWT structure, non-base64url payload, non-JSON payload, or missing audienceTenantId claim).

Trait Implementations

impl Clone for DataCloudToken

fn clone(&self) -> DataCloudToken

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for DataCloudToken

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.