Skip to main content

TokenStore

things_mcp::oauth

Struct TokenStore

pub struct TokenStore { /* private fields */ }

Implementations§

impl TokenStore

pub fn load( path: PathBuf, client_id: &str, access_ttl: Duration, refresh_ttl: Duration, ) -> Result<Self>

Load (or initialize) the store at path.

Missing file → empty store (info log).
Unreadable/corrupt file → rename aside to tokens.json.broken-{ts}, start empty (warn log).
client_id_hash mismatch → wipe (warn log). Handles oauth.toml regeneration.
Otherwise → drop expired entries and load.

pub async fn mint_pair(&self, chain_id: Option<ChainId>) -> Result<MintedPair>

Mint a new (access, refresh) pair. Pass None for chain_id to start a new chain (use case: authorization_code grant). Pass Some(id) to continue an existing chain (use case: refresh_token grant rotation). Persists to disk before returning. On persist failure logs an error and keeps the in-memory state — the caller still gets a valid pair.

pub async fn validate_access(&self, raw: &str) -> bool

Validate an access token. Returns true iff the token was issued, has not expired, and its chain has not been revoked.

pub async fn consume_refresh(&self, raw: &str) -> Result<ChainId, RefreshError>

Consume a refresh token. Returns the chain_id on success.

Returns Replayed { chain_id } if the token was already consumed — this is a leak signal and the caller MUST follow up with revoke_chain(chain_id). Returns Unknown for a refresh token in an already-revoked chain (we don’t disclose chain identity to a caller who doesn’t already know it).

pub async fn revoke_chain(&self, chain_id: ChainId)

Mark a chain as revoked. All access tokens in this chain stop validating immediately; any refresh tokens in this chain stop being consumable.

Auto Trait Implementations§

impl Freeze for TokenStore

impl !RefUnwindSafe for TokenStore

impl Send for TokenStore

impl Sync for TokenStore

impl Unpin for TokenStore

impl UnsafeUnpin for TokenStore

impl !UnwindSafe for TokenStore

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,