Struct DataCloudTokenProvider 

pub struct DataCloudTokenProvider { /* private fields */ }

DC JWT provider.

Handles the full token flow for Salesforce Data Cloud:

1. Authenticates with Salesforce using the configured auth mode to obtain an OAuth Access Token
2. Exchanges the OAuth Access Token for a DC JWT
3. Caches both tokens and refreshes them independently:
   • The OAuth Access Token is refreshed only when genuinely expired (to avoid unnecessary OAuth Refresh Token rotation)
   • The DC JWT is refreshed whenever it is expired or requested

On DC JWT exchange failure, the provider retries once with a force-refreshed OAuth Access Token (Step 2a), matching the behavior described in the GenieOAuthManagement documentation.

Example

use hyperdb_api_salesforce::{SalesforceAuthConfig, AuthMode, DataCloudTokenProvider};

let config = SalesforceAuthConfig::new(
    "https://login.salesforce.com",
    "your-client-id",
)?
.auth_mode(AuthMode::private_key("user@example.com", &private_key_pem)?);

let mut provider = DataCloudTokenProvider::new(config)?;

// Get a valid DC JWT (automatically handles the full token flow)
let token = provider.get_token().await?;
println!("Authorization: {}", token.bearer_token());

Implementations

impl DataCloudTokenProvider

pub fn new(config: SalesforceAuthConfig) -> SalesforceAuthResult<Self>

Creates a new DC JWT provider with the given configuration.

Errors

Returns an error if the configuration is invalid.

pub fn config(&self) -> &SalesforceAuthConfig

Returns the configuration.

pub async fn get_token(&mut self) -> SalesforceAuthResult<&DataCloudToken>

Gets a valid DC JWT.

If a cached DC JWT exists and is still valid, it is returned. Otherwise, a new DC JWT is obtained through the full token flow.

Errors

Propagates any error from Self::fetch_dc_jwt — typically SalesforceAuthError::Http, SalesforceAuthError::Authorization, SalesforceAuthError::Jwt, SalesforceAuthError::TokenExchange, or SalesforceAuthError::TokenParse depending on where the three-step refresh cycle (OAuth Access Token → DC JWT) fails.

Panics

Does not panic in practice. The trailing unwrap() on self.cached_dc_jwt is guarded by the preceding cache-population logic: either the cache was already populated with a valid token, or Self::fetch_dc_jwt just filled it.

pub async fn force_refresh(&mut self) -> SalesforceAuthResult<&DataCloudToken>

Forces a full token refresh (both OAuth Access Token and DC JWT), even if the cached tokens are still valid.

Errors

Propagates any error from Self::get_token (same failure modes as the full token-flow refresh).

pub async fn refresh_token(&mut self) -> SalesforceAuthResult<&DataCloudToken>

Forces a DC JWT refresh while allowing the OAuth Access Token to be reused if still valid.

This is the preferred refresh method during normal operation: it re-exchanges the (possibly cached) OAuth Access Token for a fresh DC JWT without unnecessarily rotating the OAuth Refresh Token.

Errors

Propagates any error from Self::get_token (HTTP, authorization, JWT signing, or token-parse failures during the DC JWT exchange).

pub fn clear_cache(&mut self)

Clears all cached tokens (both OAuth Access Token and DC JWT).

pub fn bearer_token(&self) -> Option<String>

Returns the DC JWT bearer token string if a valid DC JWT is cached.

Convenience method for getting the Authorization header value without an async call. Returns None if no valid DC JWT is cached.

pub fn tenant_url(&self) -> Option<&str>

Returns the tenant URL if a valid DC JWT is cached.

pub fn lakehouse_name(&self) -> SalesforceAuthResult<Option<String>>

Returns the lakehouse name for Hyper connection.

Errors

Propagates SalesforceAuthError::TokenParse from DataCloudToken::lakehouse_name if the cached DC JWT’s tenant URL cannot be parsed into a valid lakehouse identifier.

Trait Implementations

impl Debug for DataCloudTokenProvider

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.