Module oauth 

OAuth2 (authorization-code + refresh) for service-node connections.

Vendor-neutral: every endpoint (authorize / token URL), client id, scope set, and redirect URI is supplied by the caller from catalog + operator data - nothing about any specific provider is hard-coded here. Tokens are stored in the OS keyring under the service:<slug> account as a JSON OAuthToken.

Structs

OAuthToken

A stored OAuth2 token bundle. Serialized to JSON in the keyring.

Enums

OAuthError

Functions

accept_oauth_code

Wait on listener for the provider’s redirect and return the code once a request arrives whose state matches expected_state. Serves a tiny “you can close this tab” page; ignores non-callback hits (e.g. favicon).

bind_loopback

Bind a one-shot loopback listener for the OAuth redirect on 127.0.0.1:<port>. Bind before opening the browser so the redirect can never arrive before we’re listening.

build_authorize_url

Build the authorization-code consent URL the user opens in a browser.

exchange_code

Exchange an authorization code for a token bundle.

load_token

Load a token bundle from the keyring. Returns Ok(None) when none is stored.

refresh

Refresh an access token using a stored refresh token.

store_token

Persist a token bundle to the keyring under service:<slug>.