@spec child_spec(keyword()) :: Supervisor.child_spec()

Returns a child spec for starting the credential server under a supervisor.

Examples

children = [
  {ExAzureIdentity,
    name: MyApp.AzureToken,
    source: {:client_assertion, config}}
]

@spec fetch(term()) :: {:ok, map()} | {:error, term()}

Fetches the current token from a credential server.

Returns the cached token if available and still valid, otherwise fetches a new one from the token source.

Parameters

• name - The name of the credential server

Returns

• {:ok, token} - A map containing the access token and metadata
• {:error, reason} - An error tuple with the failure reason

Examples

{:ok, token} = ExAzureCore.Auth.fetch(MyApp.AzureToken)
token.access_token
#=> "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik..."
token.expires_at
#=> 1234567890

@spec fetch!(term()) :: map()

Fetches the current token from a credential server, raising on error.

Parameters

• name - The name of the credential server

Returns

A map containing the access token and metadata.

Raises

Raises a runtime error if the token cannot be fetched.

Examples

token = ExAzureCore.Auth.fetch!(MyApp.AzureToken)
token.access_token
#=> "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik..."

@spec start_link(keyword()) :: GenServer.on_start()

Starts a credential server.

This function is typically called via a child spec in a supervision tree.

Options

See module documentation for available options.

Examples

{:ok, pid} = ExAzureCore.Auth.start_link(
  name: :my_credential,
  source: {:client_assertion, %{
    tenant_id: "...",
    client_id: "...",
    scope: "https://graph.microsoft.com/.default",
    provider: :aws_cognito,
    provider_opts: [identity_id: "..."]
  }}
)