iceberg-cpp
Loading...
Searching...
No Matches
Public Member Functions | Static Public Member Functions | List of all members
iceberg::rest::auth::AuthSession Class Referenceabstract

An authentication session that can authenticate outgoing HTTP requests. More...

#include <auth_session.h>

Inheritance diagram for iceberg::rest::auth::AuthSession:
iceberg::rest::auth::SigV4AuthSession

Public Member Functions

virtual Result< HttpRequestAuthenticate (HttpRequest request)=0
 Authenticate an outgoing HTTP request.
 
virtual Status Close ()
 Close the session and release any resources.
 

Static Public Member Functions

static std::shared_ptr< AuthSessionMakeDefault (std::unordered_map< std::string, std::string > headers)
 Create a default session with static headers.
 
static Result< std::shared_ptr< AuthSession > > MakeOAuth2 (const OAuthTokenResponse &initial_token, const std::string &token_endpoint, const std::string &client_id, const std::string &client_secret, const std::string &scope, bool keep_refreshed, const std::unordered_map< std::string, std::string > &optional_oauth_params, HttpClient &client)
 Create an OAuth2 session with automatic token refresh.
 

Detailed Description

An authentication session that can authenticate outgoing HTTP requests.

Member Function Documentation

◆ Authenticate()

virtual Result< HttpRequest > iceberg::rest::auth::AuthSession::Authenticate ( HttpRequest  request)
pure virtual

Authenticate an outgoing HTTP request.

Returns a request with authentication information (e.g., an Authorization header) added. Implementations must be idempotent. The request is passed by value so callers can move request bodies into the authentication path.

Parameters
requestThe request to authenticate.
Returns
The authenticated request on success, or one of:
  • AuthenticationFailed: General authentication failure (invalid credentials, etc.)
  • TokenExpired: Authentication token has expired and needs refresh
  • NotAuthorized: Not authenticated (401)
  • IOError: Network or connection errors when reaching auth server
  • RestError: HTTP errors from authentication service

Implemented in iceberg::rest::auth::SigV4AuthSession.

◆ Close()

virtual Status iceberg::rest::auth::AuthSession::Close ( )
inlinevirtual

Close the session and release any resources.

This method is called when the session is no longer needed. For stateful sessions (e.g., OAuth2 with token refresh), this should stop any background threads and release resources.

Returns
Status indicating success or failure of closing the session.

Reimplemented in iceberg::rest::auth::SigV4AuthSession.

◆ MakeDefault()

std::shared_ptr< AuthSession > iceberg::rest::auth::AuthSession::MakeDefault ( std::unordered_map< std::string, std::string >  headers)
static

Create a default session with static headers.

This factory method creates a session that adds a fixed set of headers to each request. It is suitable for authentication methods that use static credentials, such as Basic auth or static bearer tokens.

Parameters
headersThe headers to add to each request for authentication.
Returns
A new session that adds the given headers to requests.

◆ MakeOAuth2()

Result< std::shared_ptr< AuthSession > > iceberg::rest::auth::AuthSession::MakeOAuth2 ( const OAuthTokenResponse initial_token,
const std::string &  token_endpoint,
const std::string &  client_id,
const std::string &  client_secret,
const std::string &  scope,
bool  keep_refreshed,
const std::unordered_map< std::string, std::string > &  optional_oauth_params,
HttpClient client 
)
static

Create an OAuth2 session with automatic token refresh.

This factory method creates a session that holds an access token and, when keep_refreshed is enabled, schedules background refresh based on token expiration. Authenticate() uses the latest cached Authorization header and does not perform a synchronous token refresh.

Parameters
initial_tokenThe initial token response from FetchToken().
token_endpointFull URL of the OAuth2 token endpoint for refresh.
client_idOAuth2 client ID for refresh requests.
client_secretOAuth2 client secret for re-fetch if refresh fails.
scopeOAuth2 scope for refresh requests.
keep_refreshedWhether to schedule automatic token refresh.
optional_oauth_paramsOptional OAuth params (audience, resource) for refresh.
clientHTTP client for making refresh requests. The caller owns the client and must keep it alive until the session is closed.
Returns
A new session that manages token lifecycle automatically.

The documentation for this class was generated from the following files: