Token Manager defines a common implementation of the auth.account.TokenManager FIDL protocol and underlying database that may be used by both Token Manager Factory and Account Handler.
Clients of this library must supply the path to use for the credential database and an implementation of the
AuthProviderSupplier trait that can supply AuthProvider channels given an auth_provider_type. Each request to Token Manager must also be associated with a
lib.rs defines important types that clients of the library must supply:
TokenManagerContext struct defines the context that a particular request to the token manager was received in. This contains the URL of the component using the TokenManager channel, and the client end of a fuchsia.context.AuthenticationContextProvider channel.
AuthProviderSupplier trait supplies the client end of a fuchsia.auth.AuthProvider channel given a particular
TokenManager implements the fuchsia.auth.TokenManager FIDL protocol and may be instantiated by clients of the library.
TokenManagerError defines an Error type implementing failure::Fail and containing the most appropriate fuchsia.auth.Status to communicate the error over FIDL.
Currently requests from different components are not isolated, i.e. the TokenManagerContext is ignored. In the future it is likely that some isolation will be introduced so that unrelated components from different vendors cannot directly access each other's tokens. However, additional design work is required to retain sharing in certain cases (e.g. between components from the same vendor or between different vendors given explicit user consent).
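The effect of ignoring the request context, next to one possible per-vendor partition, as an added example that is not code from this library. Context, Isolation, TokenCache and vendor_of are hypothetical names, the URLs and token are constructed, and treating the URL host as the vendor is an assumption; sharing by explicit user consent is not modelled.

```rust
use std::collections::HashMap;

/// Hypothetical stand-in for TokenManagerContext; only the component URL is modelled.
pub struct Context { pub component_url: String }

#[derive(Clone, Copy)]
pub enum Isolation {
    None,      // context ignored: every component shares one token namespace
    PerVendor, // assumed policy: namespace partitioned by the URL host
}

/// Assumption: the host part of the component URL identifies the vendor.
fn vendor_of(url: &str) -> String {
    let rest = url.split("://").nth(1).unwrap_or(url);
    rest.split('/').next().unwrap_or("").to_string()
}

pub struct TokenCache {
    mode: Isolation,
    // (partition, auth_provider_type, user) -> token
    tokens: HashMap<(String, String, String), String>,
}

impl TokenCache {
    pub fn new(mode: Isolation) -> Self { TokenCache { mode, tokens: HashMap::new() } }
    /// The cache key decides who can read a token: an empty partition means anyone.
    fn key(&self, ctx: &Context, provider: &str, user: &str) -> (String, String, String) {
        let partition = match self.mode {
            Isolation::None => String::new(),
            Isolation::PerVendor => vendor_of(&ctx.component_url),
        };
        (partition, provider.to_string(), user.to_string())
    }
    pub fn put(&mut self, ctx: &Context, provider: &str, user: &str, token: &str) {
        let k = self.key(ctx, provider, user);
        self.tokens.insert(k, token.to_string());
    }
    pub fn get(&self, ctx: &Context, provider: &str, user: &str) -> Option<String> {
        self.tokens.get(&self.key(ctx, provider, user)).cloned()
    }
}

fn main() {
    // Constructed component URLs from two different vendors.
    let a = Context { component_url: "fuchsia-pkg://vendor-a.example/mail".into() };
    let b = Context { component_url: "fuchsia-pkg://vendor-b.example/game".into() };
    for mode in vec![Isolation::None, Isolation::PerVendor] {
        let mut cache = TokenCache::new(mode);
        cache.put(&a, "google", "user1", "constructed-token");
        println!("vendor B reads: {:?}", cache.get(&b, "google", "user1"));
    }
}
```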
Potentially the protocol between Token Manager and Auth Providers will be redesigned to better enable additional types of authentication token in the future.