Represents a TrueLayer OAuth2 access token with expiry tracking.
Token isolation
The :token_type field enforces strict isolation between Payments tokens
(used by Payments, Payouts, Mandates) and Data tokens (used by the Data API).
A Data token can never authorise a Payments API call — the :token_type
discriminant is checked before every request.
Types
@type t() :: %TruelayerClient.Auth.Token{
  access_token: String.t(),
  expires_at: DateTime.t(),
  refresh_token: String.t() | nil,
  scopes: [String.t()],
  token_type: token_type()
}
@type token_type() :: :payments | :data
Functions
Returns an {"authorization", "Bearer <token>"} header tuple,
ready to merge into a request headers map.
Returns true when this token is expired and should not be used.
The 30-second buffer applied in from_response/2 ensures tokens are
refreshed before the server rejects them.
@spec from_response(map(), token_type()) :: t()
Build a Token from a raw OAuth2 response map.
Applies a 30-second safety buffer to expires_at to account for clock skew
and network latency between token acquisition and first use.
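
An added sketch, not the TruelayerClient source, of the two behaviours described on this page: the 30-second buffer applied to expires_at when the token is built, and the :token_type check made before a header is issued. The TokenSketch module, expired?/2, header_for/3, the injectable now argument and the sample response are assumptions; the response keys are those of a standard OAuth2 token response.

```elixir
defmodule TokenSketch do
  # Added illustration. Every name here except from_response is hypothetical;
  # this is not the library's implementation.
  @buffer_seconds 30

  defstruct [:access_token, :expires_at, :refresh_token, :token_type, scopes: []]

  # Build a token from an OAuth2 token response (string keys assumed).
  # `now` is injectable so the expiry arithmetic can be checked deterministically.
  def from_response(%{"access_token" => at, "expires_in" => ttl} = resp, type, now \\ DateTime.utc_now())
      when type in [:payments, :data] and is_integer(ttl) do
    %__MODULE__{
      access_token: at,
      # Subtract the buffer so the client stops using the token 30 s early.
      expires_at: DateTime.add(now, ttl - @buffer_seconds, :second),
      refresh_token: Map.get(resp, "refresh_token"),
      scopes: resp |> Map.get("scope", "") |> String.split(" ", trim: true),
      token_type: type
    }
  end

  # Expired once `now` reaches the buffered expires_at.
  def expired?(%__MODULE__{expires_at: exp}, now \\ DateTime.utc_now()),
    do: DateTime.compare(now, exp) != :lt

  # Check the type discriminant first, then expiry, before building a header.
  def header_for(%__MODULE__{} = token, required_type, now \\ DateTime.utc_now()) do
    cond do
      token.token_type != required_type -> {:error, :wrong_token_type}
      expired?(token, now) -> {:error, :expired}
      true -> {:ok, {"authorization", "Bearer " <> token.access_token}}
    end
  end
end

# Constructed sample response and a fixed clock.
now = ~U[2024-01-01 00:00:00Z]
resp = %{"access_token" => "example-token", "expires_in" => 3600, "scope" => "scope_a scope_b"}
token = TokenSketch.from_response(resp, :data, now)

IO.inspect(token.expires_at, label: "buffered expires_at")
IO.inspect(TokenSketch.header_for(token, :payments, now), label: "data token on payments call")
IO.inspect(TokenSketch.header_for(token, :data, now), label: "data token on data call")
# 3571 s after issue the server-side lifetime (3600 s) has not elapsed,
# but the buffered expiry (3570 s) has.
IO.inspect(TokenSketch.header_for(token, :data, DateTime.add(now, 3571, :second)), label: "inside buffer window")
```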