Struct Account 

pub struct Account {

    pub id: String,
    pub user_id: String,
    pub provider_id: String,
    pub account_id: String,
    pub access_token: Option<String>,
    pub refresh_token: Option<String>,
    pub id_token: Option<String>,
    pub access_token_expires_at: Option<u64>,
    pub refresh_token_expires_at: Option<u64>,
    pub scope: Option<String>,
    pub password: Option<String>,
    pub created_at: u64,
    pub updated_at: u64,
}

A persisted account link. Schema-aligned with better-auth’s account table (verified against https://www.better-auth.com/docs/concepts/database at the time of writing) so users migrating from better-auth see the same field names + meanings:

• provider_id — the provider’s name ("google", "github", plus "credential" once email/password auth lands). Matches better-auth’s providerId.
• account_id — the PROVIDER’S ID for the user (Google sub, GitHub numeric id, or for email/password the user’s own id). Matches better-auth’s accountId. NOT the row PK.
• id — the row PK, generated. Lets the row be referenced independently of the (provider_id, account_id) natural key.
• password — bcrypt/argon2 hash for provider_id="credential" rows; None for OAuth links. Reserves the column so adding email/password auth doesn’t need a schema migration.

Account vs. user: a single User row can have many Account rows (Google + GitHub + a password — all linked to one pylon user). Provider lookup is by (provider_id, account_id) — NOT email — so a user changing their Google address keeps the same pylon account.

Fields

id: String

user_id: String

provider_id: String

Provider name — "google", "github", "credential", etc. (better-auth: providerId)

account_id: String

Provider’s id for the user — Google sub, GitHub numeric id, or for provider_id="credential" the user’s own id. (better-auth: accountId)

access_token: Option<String>

refresh_token: Option<String>

id_token: Option<String>

access_token_expires_at: Option<u64>

Unix epoch seconds at which access_token expires. None for non-expiring tokens (GitHub Classic apps) or for password rows.

refresh_token_expires_at: Option<u64>

Unix epoch seconds at which refresh_token expires. None when the provider doesn’t expire refresh tokens (most don’t, but Microsoft Identity Platform does after 90 days of inactivity).

scope: Option<String>

password: Option<String>

Bcrypt/argon2 hash for email/password rows. None for OAuth. Always None today — present so adding password auth later doesn’t require a schema migration.

created_at: u64

Unix epoch seconds when this account was first linked.

updated_at: u64

Unix epoch seconds when the token bundle was last refreshed.

Implementations

impl Account

pub fn new(user_id: String, info: &UserInfo, tokens: &TokenSet) -> Self

Build a new account link from a freshly-completed OAuth handshake. Generates a fresh row id; the (provider_id, account_id) pair is what later lookups key on.

pub fn access_token_expired(&self) -> bool

True if access_token_expires_at is set and has passed. Non-expiring tokens (GitHub Classic) report false — caller should treat them as “valid until proven otherwise” and refresh on 401.

Trait Implementations

impl Clone for Account

fn clone(&self) -> Account

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Account

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for Account

fn eq(&self, other: &Account) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for Account

impl StructuralPartialEq for Account