messieurMe
diff --git a/‎CHANGELOG.md‎
Lines changed: 18 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎examples/src/BasicExample/BasicExample.cs‎
Lines changed: 1 addition & 1 deletion b/‎examples/src/BasicExample/BasicExample.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎examples/src/Common/AuthUtils.cs‎
Lines changed: 3 additions & 3 deletions b/‎examples/src/Common/AuthUtils.cs‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎examples/src/QueryExample/QueryExample.cs‎
Lines changed: 1 addition & 1 deletion b/‎examples/src/QueryExample/QueryExample.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Ydb.Sdk/src/Ado/YdbConnectionStringBuilder.cs‎
Lines changed: 4 additions & 4 deletions b/‎src/Ydb.Sdk/src/Ado/YdbConnectionStringBuilder.cs‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/Ydb.Sdk/src/Auth/AnonymousProvider.cs‎
Lines changed: 0 additions & 6 deletions b/‎src/Ydb.Sdk/src/Auth/AnonymousProvider.cs‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎src/Ydb.Sdk/src/Auth/CachedCredentialsProvider.cs‎
Lines changed: 272 additions & 0 deletions b/‎src/Ydb.Sdk/src/Auth/CachedCredentialsProvider.cs‎
Lines changed: 272 additions & 0 deletions
diff --git a/‎src/Ydb.Sdk/src/Auth/ICredentialsProvider.cs‎
Lines changed: 6 additions & 8 deletions b/‎src/Ydb.Sdk/src/Auth/ICredentialsProvider.cs‎
Lines changed: 6 additions & 8 deletions
@@ -1,3 +1,21 @@
+- **Breaking Change**: `Ydb.Sdk.Yc.Auth` version <= 0.1.0 is not compatible with newer versions.
+- Added `IAuthClient` to fetch auth token.
+- Added the `CachedCredentialsProvider` class, which streamlines token lifecycle management.
+- **Breaking Change**: Deleted `AnonymousProvider`. Now users don't need to do anything for anonymous authentication.
+  Migration guide:
+  ```c#
+  var config = new DriverConfig(...); // Using AnonymousProvider if Credentials property is null
+  ```
+- **Breaking Change**: Deleted `StaticCredentialsProvider`. Users are now recommended to use the `User` and `Password`
+  properties in `DriverConfig` for configuring authentication. Migration guide:
+  ```c#
+  var config = new DriverConfig(...)
+  {
+      User = "your_username",
+      Password = "your_password"
+  };
+  ```
+
 ## v0.15.4
 
 - Added `KeepAlivePingTimeout`, with a default value of 10 seconds.
 
@@ -15,7 +15,7 @@ private BasicExample(TableClient client, string database, string path)
     public static async Task Run(
         string endpoint,
         string database,
-        ICredentialsProvider credentialsProvider,
+        ICredentialsProvider? credentialsProvider,
         X509Certificate? customServerCertificate,
         string path,
         ILoggerFactory loggerFactory)
 
@@ -9,7 +9,7 @@ namespace Ydb.Sdk.Examples;
 
 public static class AuthUtils
 {
-    public static async Task<ICredentialsProvider> MakeCredentialsFromEnv(
+    public static async Task<ICredentialsProvider?> MakeCredentialsFromEnv(
         bool fallbackAnonymous = false,
         ILoggerFactory? loggerFactory = null)
     {
@@ -26,7 +26,7 @@ public static async Task<ICredentialsProvider> MakeCredentialsFromEnv(
         var anonymousValue = Environment.GetEnvironmentVariable("YDB_ANONYMOUS_CREDENTIALS");
         if (anonymousValue != null && IsTrueValue(anonymousValue))
         {
-            return new AnonymousProvider();
+            return null;
         }
 
         var metadataValue = Environment.GetEnvironmentVariable("YDB_METADATA_CREDENTIALS");
@@ -46,7 +46,7 @@ public static async Task<ICredentialsProvider> MakeCredentialsFromEnv(
 
         if (fallbackAnonymous)
         {
-            return new AnonymousProvider();
+            return null;
         }
 
         throw new InvalidOperationException("Failed to parse credentials from environmet, no valid options found.");
 
@@ -20,7 +20,7 @@ private QueryExample(QueryClient client, string database, string path)
     public static async Task Run(
         string endpoint,
         string database,
-        ICredentialsProvider credentialsProvider,
+        ICredentialsProvider? credentialsProvider,
         X509Certificate? customServerCertificate,
         string path,
         ILoggerFactory loggerFactory)
 
@@ -220,14 +220,12 @@ public override object this[string keyword]
 
     internal Task<Driver> BuildDriver()
     {
-        var credentialsProvider = CredentialsProvider ??
-                                  (User != null ? new StaticCredentialsProvider(User, Password) : null);
         var cert = RootCertificate != null ? X509Certificate.CreateFromCertFile(RootCertificate) : null;
 
         return Driver.CreateInitialized(new DriverConfig(
             endpoint: Endpoint,
             database: Database,
-            credentials: credentialsProvider,
+            credentials: CredentialsProvider,
             customServerCertificate: cert,
             customServerCertificates: ServerCertificates
         )
@@ -237,7 +235,9 @@ internal Task<Driver> BuildDriver()
                 : TimeSpan.FromSeconds(KeepAlivePingDelay),
             KeepAlivePingTimeout = KeepAlivePingTimeout == 0
                 ? Timeout.InfiniteTimeSpan
-                : TimeSpan.FromSeconds(KeepAlivePingTimeout)
+                : TimeSpan.FromSeconds(KeepAlivePingTimeout),
+            User = User,
+            Password = Password
         }, LoggerFactory);
     }
 
 
@@ -0,0 +1,272 @@
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging.Abstractions;
+
+namespace Ydb.Sdk.Auth;
+
+public class CachedCredentialsProvider : ICredentialsProvider
+{
+    private readonly IClock _clock;
+    private readonly IAuthClient _authClient;
+
+    private ILogger<CachedCredentialsProvider> Logger { get; }
+
+    private volatile ITokenState _tokenState;
+
+    public CachedCredentialsProvider(
+        IAuthClient authClient,
+        ILoggerFactory? loggerFactory = null
+    )
+    {
+        _clock = new SystemClock();
+        _authClient = authClient;
+        _tokenState = new SyncState(this);
+        _tokenState.Init();
+
+        loggerFactory ??= new NullLoggerFactory();
+        Logger = loggerFactory.CreateLogger<CachedCredentialsProvider>();
+    }
+
+    internal CachedCredentialsProvider(IAuthClient authClient, IClock clock) : this(authClient)
+    {
+        _clock = clock;
+    }
+
+    public async ValueTask<string> GetAuthInfoAsync() =>
+        (await _tokenState.Validate(_clock.UtcNow)).TokenResponse.Token;
+
+    private Task<TokenResponse> FetchToken() => _authClient.FetchToken();
+
+    private ITokenState UpdateState(ITokenState current, ITokenState next)
+    {
+        if (Interlocked.CompareExchange(ref _tokenState, next, current) == current)
+        {
+            next.Init();
+        }
+
+        return _tokenState;
+    }
+
+    private interface ITokenState
+    {
+        TokenResponse TokenResponse { get; }
+
+        ValueTask<ITokenState> Validate(DateTime now);
+
+        void Init()
+        {
+        }
+    }
+
+    private class ActiveState : ITokenState
+    {
+        private readonly CachedCredentialsProvider _cachedCredentialsProvider;
+
+        public ActiveState(TokenResponse tokenResponse, CachedCredentialsProvider cachedCredentialsProvider)
+        {
+            TokenResponse = tokenResponse;
+            _cachedCredentialsProvider = cachedCredentialsProvider;
+        }
+
+        public TokenResponse TokenResponse { get; }
+
+        public async ValueTask<ITokenState> Validate(DateTime now)
+        {
+            if (now < TokenResponse.ExpiredAt)
+            {
+                return now >= TokenResponse.RefreshAt
+                    ? _cachedCredentialsProvider.UpdateState(
+                        this,
+                        new BackgroundState(TokenResponse, _cachedCredentialsProvider)
+                    )
+                    : this;
+            }
+
+            _cachedCredentialsProvider.Logger.LogWarning(
+                "Token has expired. ExpiredAt: {ExpiredAt}, CurrentTime: {CurrentTime}. " +
+                "Switching to synchronous state to fetch a new token",
+                TokenResponse.ExpiredAt, now
+            );
+
+            return await _cachedCredentialsProvider
+                .UpdateState(this, new SyncState(_cachedCredentialsProvider))
+                .Validate(now);
+        }
+    }
+
+    private class SyncState : ITokenState
+    {
+        private readonly TaskCompletionSource<TokenResponse> _fetchTokenResponseTcs = new();
+
+        private readonly CachedCredentialsProvider _cachedCredentialsProvider;
+
+        public SyncState(CachedCredentialsProvider cachedCredentialsProvider)
+        {
+            _cachedCredentialsProvider = cachedCredentialsProvider;
+        }
+
+        public TokenResponse TokenResponse =>
+            throw new InvalidOperationException("Get token for unfinished sync state");
+
+        public async ValueTask<ITokenState> Validate(DateTime now)
+        {
+            try
+            {
+                var tokenResponse = await _fetchTokenResponseTcs.Task;
+
+                _cachedCredentialsProvider.Logger.LogDebug(
+                    "Successfully fetched token. ExpiredAt: {ExpiredAt}, RefreshAt: {RefreshAt}",
+                    tokenResponse.ExpiredAt, tokenResponse.RefreshAt
+                );
+
+                return _cachedCredentialsProvider.UpdateState(this,
+                    new ActiveState(tokenResponse, _cachedCredentialsProvider));
+            }
+            catch (Exception e)
+            {
+                _cachedCredentialsProvider.Logger.LogCritical(e, "Error on authentication token update");
+
+                return _cachedCredentialsProvider.UpdateState(this, new ErrorState(e, _cachedCredentialsProvider));
+            }
+        }
+
+        public async void Init()
+        {
+            try
+            {
+                var tokenResponse = await _cachedCredentialsProvider.FetchToken();
+
+                _fetchTokenResponseTcs.SetResult(tokenResponse);
+            }
+            catch (Exception e)
+            {
+                _fetchTokenResponseTcs.SetException(e);
+            }
+        }
+    }
+
+    private class BackgroundState : ITokenState
+    {
+        private readonly TaskCompletionSource<TokenResponse> _fetchTokenResponseTcs = new();
+
+        private readonly CachedCredentialsProvider _cachedCredentialsProvider;
+
+        public BackgroundState(TokenResponse tokenResponse,
+            CachedCredentialsProvider cachedCredentialsProvider)
+        {
+            TokenResponse = tokenResponse;
+            _cachedCredentialsProvider = cachedCredentialsProvider;
+        }
+
+        public TokenResponse TokenResponse { get; }
+
+        public async ValueTask<ITokenState> Validate(DateTime now)
+        {
+            var fetchTokenTask = _fetchTokenResponseTcs.Task;
+
+            if (fetchTokenTask.IsCanceled || fetchTokenTask.IsFaulted)
+            {
+                _cachedCredentialsProvider.Logger.LogWarning(
+                    "Fetching token task failed. Status: {Status}, Retrying login...",
+                    fetchTokenTask.IsCanceled ? "Canceled" : "Faulted"
+                );
+
+                return now >= TokenResponse.ExpiredAt
+                    ? await _cachedCredentialsProvider
+                        .UpdateState(this, new SyncState(_cachedCredentialsProvider))
+                        .Validate(now)
+                    : _cachedCredentialsProvider
+                        .UpdateState(this, new BackgroundState(TokenResponse, _cachedCredentialsProvider));
+            }
+
+            if (fetchTokenTask.IsCompleted)
+            {
+                return _cachedCredentialsProvider
+                    .UpdateState(this, new ActiveState(await fetchTokenTask, _cachedCredentialsProvider));
+            }
+
+            if (now < TokenResponse.ExpiredAt)
+            {
+                return this;
+            }
+
+            try
+            {
+                var tokenResponse = await fetchTokenTask;
+
+                _cachedCredentialsProvider.Logger.LogDebug(
+                    "Successfully fetched token. ExpiredAt: {ExpiredAt}, RefreshAt: {RefreshAt}",
+                    tokenResponse.ExpiredAt, tokenResponse.RefreshAt
+                );
+
+                return _cachedCredentialsProvider.UpdateState(this,
+                    new ActiveState(tokenResponse, _cachedCredentialsProvider));
+            }
+            catch (Exception e)
+            {
+                _cachedCredentialsProvider.Logger.LogCritical(e, "Error on authentication token update");
+
+                return _cachedCredentialsProvider.UpdateState(this, new ErrorState(e, _cachedCredentialsProvider));
+            }
+        }
+
+        public async void Init()
+        {
+            try
+            {
+                var tokenResponse = await _cachedCredentialsProvider.FetchToken();
+
+                _fetchTokenResponseTcs.SetResult(tokenResponse);
+            }
+            catch (Exception e)
+            {
+                _fetchTokenResponseTcs.SetException(e);
+            }
+        }
+    }
+
+    private class ErrorState : ITokenState
+    {
+        private readonly Exception _exception;
+        private readonly CachedCredentialsProvider _managerCredentialsProvider;
+
+        public ErrorState(Exception exception, CachedCredentialsProvider managerCredentialsProvider)
+        {
+            _exception = exception;
+            _managerCredentialsProvider = managerCredentialsProvider;
+        }
+
+        public TokenResponse TokenResponse => throw _exception;
+
+        public ValueTask<ITokenState> Validate(DateTime now) => _managerCredentialsProvider
+            .UpdateState(this, new SyncState(_managerCredentialsProvider))
+            .Validate(now);
+    }
+}
+
+public class TokenResponse
+{
+    private const double RefreshInterval = 0.5;
+
+    public TokenResponse(string token, DateTime expiredAt, DateTime? refreshAt = null)
+    {
+        var now = DateTime.UtcNow;
+
+        Token = token;
+        ExpiredAt = expiredAt.ToUniversalTime();
+        RefreshAt = refreshAt?.ToUniversalTime() ?? now + (ExpiredAt - now) * RefreshInterval;
+    }
+
+    public string Token { get; }
+    public DateTime ExpiredAt { get; }
+    public DateTime RefreshAt { get; }
+}
+
+public interface IClock
+{
+    DateTime UtcNow { get; }
+}
+
+internal class SystemClock : IClock
+{
+    public DateTime UtcNow => DateTime.UtcNow;
+}
@@ -1,13 +1,11 @@
-using Ydb.Sdk.Services.Auth;
-
-namespace Ydb.Sdk.Auth;
+namespace Ydb.Sdk.Auth;
 
 public interface ICredentialsProvider
 {
-    // For removal in 1.*
-    string? GetAuthInfo();
-
-    ValueTask<string?> GetAuthInfoAsync() => ValueTask.FromResult(GetAuthInfo());
+    ValueTask<string> GetAuthInfoAsync();
+}
 
-    Task ProvideAuthClient(AuthClient authClient) => Task.CompletedTask;
+public interface IAuthClient
+{
+    Task<TokenResponse> FetchToken();
 }
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ namespace Ydb.Sdk.Examples;`
`9`	`9`
`10`	`10`	`public static class AuthUtils`
`11`	`11`	`{`
`12`		`- public static async Task<ICredentialsProvider> MakeCredentialsFromEnv(`
	`12`	`+ public static async Task<ICredentialsProvider?> MakeCredentialsFromEnv(`
`13`	`13`	`bool fallbackAnonymous = false,`
`14`	`14`	`ILoggerFactory? loggerFactory = null)`
`15`	`15`	`{`
`@@ -26,7 +26,7 @@ public static async Task<ICredentialsProvider> MakeCredentialsFromEnv(`
`26`	`26`	`var anonymousValue = Environment.GetEnvironmentVariable("YDB_ANONYMOUS_CREDENTIALS");`
`27`	`27`	`if (anonymousValue != null && IsTrueValue(anonymousValue))`
`28`	`28`	`{`
`29`		`- return new AnonymousProvider();`
	`29`	`+ return null;`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`var metadataValue = Environment.GetEnvironmentVariable("YDB_METADATA_CREDENTIALS");`
`@@ -46,7 +46,7 @@ public static async Task<ICredentialsProvider> MakeCredentialsFromEnv(`
`46`	`46`
`47`	`47`	`if (fallbackAnonymous)`
`48`	`48`	`{`
`49`		`- return new AnonymousProvider();`
	`49`	`+ return null;`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`throw new InvalidOperationException("Failed to parse credentials from environmet, no valid options found.");`