Implement TokenStore with FRESH/STALE/EXPIRED state machine\n\nTask ID: task-1.4-token-store

Author: vikrantpuppala

rust/src/auth/oauth/cache.rs

@@ -27,13 +27,15 @@ use std::path::PathBuf;
 
 /// Cache key used for generating the cache filename.
 /// This struct is serialized to JSON and then hashed with SHA-256 to produce a unique filename.
+#[allow(dead_code)] // Used in Phase 3 (U2M)
 #[derive(Debug, Serialize, Deserialize)]
 struct CacheKey {
     host: String,
     client_id: String,
     scopes: Vec<String>,
 }
 
+#[allow(dead_code)] // Used in Phase 3 (U2M)
 impl CacheKey {
     /// Creates a new cache key from the given parameters.
     fn new(host: &str, client_id: &str, scopes: &[String]) -> Self {
@@ -67,8 +69,10 @@ impl CacheKey {
 /// set to `0o600` (owner read/write only) for security.
 ///
 /// Cache I/O errors are logged as warnings and never block authentication.
+#[allow(dead_code)] // Used in Phase 3 (U2M)
 pub(crate) struct TokenCache;
 
+#[allow(dead_code)] // Used in Phase 3 (U2M)
 impl TokenCache {
     /// Returns the cache directory path.
     /// Location: `~/.config/databricks-adbc/oauth/`
@@ -127,11 +131,7 @@ impl TokenCache {
                     Some(token)
                 }
                 Err(e) => {
-                    tracing::warn!(
-                        "Token cache corrupted at {:?}, ignoring: {}",
-                        cache_path,
-                        e
-                    );
+                    tracing::warn!("Token cache corrupted at {:?}, ignoring: {}", cache_path, e);
                     None
                 }
             },
@@ -342,7 +342,10 @@ mod tests {
             &["all-apis".to_string()],
         );
 
-        assert!(result.is_none(), "Load should return None for missing cache");
+        assert!(
+            result.is_none(),
+            "Load should return None for missing cache"
+        );
     }
 
     #[test]

rust/src/auth/oauth/mod.rs

@@ -24,6 +24,7 @@
 pub mod cache;
 pub mod oidc;
 pub mod token;
+pub(crate) mod token_store;
 
 // Re-export the main types
 pub use oidc::OidcEndpoints;

rust/src/auth/oauth/oidc.rs

@@ -181,7 +181,10 @@ mod tests {
             endpoints.authorization_endpoint,
             "https://example.com/oidc/v1/authorize"
         );
-        assert_eq!(endpoints.token_endpoint, "https://example.com/oidc/v1/token");
+        assert_eq!(
+            endpoints.token_endpoint,
+            "https://example.com/oidc/v1/token"
+        );
     }
 
     #[tokio::test]
@@ -241,10 +244,7 @@ mod tests {
         // Discovery should fail with deserialization error
         let result = OidcEndpoints::discover(&mock_server.uri(), &http_client).await;
 
-        assert!(
-            result.is_err(),
-            "Discovery should fail with missing fields"
-        );
+        assert!(result.is_err(), "Discovery should fail with missing fields");
         let error_msg = format!("{:?}", result.unwrap_err());
         assert!(
             error_msg.contains("Failed to parse OIDC discovery response"),
@@ -261,9 +261,7 @@ mod tests {
         // Mock with 404 response
         Mock::given(method("GET"))
             .and(path("/oidc/.well-known/oauth-authorization-server"))
-            .respond_with(
-                ResponseTemplate::new(404).set_body_string("Endpoint not found"),
-            )
+            .respond_with(ResponseTemplate::new(404).set_body_string("Endpoint not found"))
             .mount(&mock_server)
             .await;
 
@@ -293,9 +291,7 @@ mod tests {
         // Mock with 500 response
         Mock::given(method("GET"))
             .and(path("/oidc/.well-known/oauth-authorization-server"))
-            .respond_with(
-                ResponseTemplate::new(500).set_body_string("Internal server error"),
-            )
+            .respond_with(ResponseTemplate::new(500).set_body_string("Internal server error"))
             .mount(&mock_server)
             .await;
 
@@ -356,6 +352,9 @@ mod tests {
             endpoints.authorization_endpoint,
             "https://example.com/oidc/v1/authorize"
         );
-        assert_eq!(endpoints.token_endpoint, "https://example.com/oidc/v1/token");
+        assert_eq!(
+            endpoints.token_endpoint,
+            "https://example.com/oidc/v1/token"
+        );
     }
 }