aetos/mail-intake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
346cc5f6fb620a8398c3e1e2d8eeb32ed9a37a9f
mail-intake/mail_intake/auth/base.py
Vishesh 'ironeagle' Bangotra 4e63c36199 refactor(auth): type auth providers and decouple Google auth from disk storage 
- Make MailIntakeAuthProvider generic over credential type to enforce
  typed auth contracts between providers and adapters
- Refactor Google OAuth provider to use CredentialStore abstraction
  instead of filesystem-based pickle persistence
- Remove node-local state assumptions from Google auth implementation
- Clarify documentation to distinguish credential lifecycle from
  credential persistence responsibilities

This change enables distributed-safe authentication providers and
allows multiple credential persistence strategies without modifying
auth logic.
2026-01-10 16:40:51 +05:30

60 lines
2.0 KiB
Python
Raw Blame History

"""
Authentication provider contracts for Mail Intake.
This module defines the **authentication abstraction layer** used by mail
adapters to obtain provider-specific credentials.
Authentication concerns are intentionally decoupled from adapter logic.
Adapters depend only on this interface and must not be aware of how
credentials are acquired, refreshed, or persisted.
"""
from abc import ABC, abstractmethod
from typing import Generic, TypeVar
T = TypeVar("T")
class MailIntakeAuthProvider(ABC, Generic[T]):
"""
Abstract base class for authentication providers.
This interface enforces a strict contract between authentication
providers and mail adapters by requiring providers to explicitly
declare the type of credentials they return.
Authentication providers encapsulate all logic required to:
- Acquire credentials from an external provider
- Refresh or revalidate credentials as needed
- Handle authentication-specific failure modes
- Coordinate with credential persistence layers where applicable
Mail adapters must treat returned credentials as opaque and
provider-specific, relying only on the declared credential type
expected by the adapter.
"""
@abstractmethod
def get_credentials(self) -> T:
"""
Retrieve valid, provider-specific credentials.
This method is synchronous by design and represents the sole
entry point through which adapters obtain authentication
material.
Implementations must either return credentials of the declared
type ``T`` that are valid at the time of return or raise an
authentication-specific exception.
Returns:
Credentials of type ``T`` suitable for immediate use by the
corresponding mail adapter.
Raises:
Exception:
An authentication-specific exception indicating that
credentials could not be obtained or validated.
"""
raise NotImplementedError
Reference in New Issue View Git Blame Copy Permalink