feat(clients): implement JWT bearer auth

clients/python/src/objectstore_client/client.py

@@ -97,6 +97,7 @@ def __init__(
         base_url: str,
         metrics_backend: MetricsBackend | None = None,
         propagate_traces: bool = False,
+        auth_token: str | None = None,
         retries: int | None = None,
         timeout_ms: float | None = None,
         connection_kwargs: Mapping[str, Any] | None = None,
@@ -125,6 +126,7 @@ def __init__(
         self._base_path = urlparse(base_url).path
         self._metrics_backend = metrics_backend or NoOpMetricsBackend()
         self._propagate_traces = propagate_traces
+        self._auth_token = auth_token
 
     def session(self, usecase: Usecase, **scopes: str | int | bool) -> Session:
         """
@@ -177,6 +179,7 @@ def session(self, usecase: Usecase, **scopes: str | int | bool) -> Session:
             self._base_path,
             self._metrics_backend,
             self._propagate_traces,
+            self._auth_token,
             usecase,
             scope_str,
         )
@@ -195,13 +198,15 @@ def __init__(
         base_path: str,
         metrics_backend: MetricsBackend,
         propagate_traces: bool,
+        auth_token: str | None,
         usecase: Usecase,
         scope: str,
     ):
         self._pool = pool
         self._base_path = base_path
         self._metrics_backend = metrics_backend
         self._propagate_traces = propagate_traces
+        self._auth_token = auth_token
         self._usecase = usecase
         self._scope = scope
 
@@ -211,6 +216,8 @@ def _make_headers(self) -> dict[str, str]:
             headers.update(
                 dict(sentry_sdk.get_current_scope().iter_trace_propagation_headers())
             )
+        if self._auth_token:
+            headers["Authorization"] = f"Bearer {self._auth_token}"
         return headers
 
     def _make_url(self, key: str | None, full: bool = False) -> str:

clients/rust/src/client.rs

@@ -15,6 +15,7 @@ const USER_AGENT: &str = concat!("objectstore-client/", env!("CARGO_PKG_VERSION"
 struct ClientBuilderInner {
     service_url: Url,
     propagate_traces: bool,
+    auth_token: Option<String>,
     reqwest_builder: reqwest::ClientBuilder,
 }
 
@@ -67,10 +68,19 @@ impl ClientBuilder {
         Self(Ok(ClientBuilderInner {
             service_url,
             propagate_traces: false,
+            auth_token: None,
             reqwest_builder,
         }))
     }
 
+    /// Sets the authorization token that will be used on each request to Objectstore.
+    pub fn auth_token(mut self, auth_token: String) -> Self {
+        if let Ok(ref mut inner) = self.0 {
+            inner.auth_token = Some(auth_token);
+        }
+        self
+    }
+
     /// Changes whether the `sentry-trace` header will be sent to Objectstore
     /// to take advantage of Sentry's distributed tracing.
     ///
@@ -123,6 +133,7 @@ impl ClientBuilder {
                 reqwest: inner.reqwest_builder.build()?,
                 service_url: inner.service_url,
                 propagate_traces: inner.propagate_traces,
+                auth_token: inner.auth_token,
             }),
         })
     }
@@ -348,6 +359,7 @@ pub(crate) struct ClientInner {
     reqwest: reqwest::Client,
     service_url: Url,
     propagate_traces: bool,
+    auth_token: Option<String>,
 }
 
 /// A client for Objectstore. Use [`Client::builder`] to configure and construct a Client.
@@ -455,6 +467,10 @@ impl Session {
 
         let mut builder = self.client.reqwest.request(method, url);
 
+        if let Some(auth_token) = &self.client.auth_token {
+            builder = builder.bearer_auth(auth_token);
+        }
+
         if self.client.propagate_traces {
             let trace_headers =
                 sentry_core::configure_scope(|scope| Some(scope.iter_trace_propagation_headers()));