
fix(python-client): Avoid mutable default argument in TokenGenerator#336

Merged
lcian merged 9 commits into main from fix/mutable-default-permissions
Feb 24, 2026

@lcian lcian commented Feb 24, 2026

Summary

Test plan

  • ruff format / ruff check / mypy — clean

Add a `token` option that accepts a pre-signed JWT string and sets it
as the Authorization header on every request. This is intended for
external services that receive a token from another source and don't
have access to the EdDSA signing key.

The static token takes precedence over a TokenGenerator if both are
configured. Documentation across both clients clarifies when to use
each option.

A token is scoped to a specific usecase and scope, so it belongs on
the session rather than the client.

Rust: Session::with_token() builder method
Python: token parameter on Client.session()

When both a TokenGenerator and a static token are configured, the
TokenGenerator now takes precedence since it generates fresh,
properly-scoped tokens for each request.

Prevent the JWT from leaking in logs by implementing Debug manually
instead of deriving it, matching the pattern used by SecretKey.

…ken param

Introduce a TokenProvider enum (Rust) and Token type alias (Python) that
accepts either a TokenGenerator or a static JWT string. Authentication is
now configured once on the Client/ClientBuilder instead of being split
between Client and Session.

# Conflicts:
#	clients/python/src/objectstore_client/client.py

… usage

Rename the Python type alias from Token to TokenProvider to match Rust.
Add documentation on how to obtain a static token from a TokenGenerator.

Use None as the default for `permissions` and create a fresh list
inside the function body to avoid the mutable default argument
anti-pattern.
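
The anti-pattern named in the last commit message above, as an added example that is not part of the PR or the project's code: the class names, constructor signature, key ids and the `object.delete` permission string are hypothetical. It shows why a shared default list matters for a token generator: a permission appended through one instance appears in the claims of every other instance that relied on the default.

```python
from __future__ import annotations


class SharedDefaultGenerator:
    """'Before' shape (hypothetical): the default list is built once, at definition time."""

    def __init__(self, kid: str, permissions: list[str] = []):  # noqa: B006
        self.kid = kid
        # Every instance constructed without `permissions` aliases the same list.
        self.permissions = permissions

    def claims(self) -> dict:
        return {"kid": self.kid, "permissions": list(self.permissions)}


class FreshDefaultGenerator:
    """'After' shape (hypothetical): None sentinel, new list created per call."""

    def __init__(self, kid: str, permissions: list[str] | None = None):
        self.kid = kid
        # Copy caller-supplied lists as well, so later edits on the caller's
        # side cannot change what this generator puts into tokens.
        self.permissions = list(permissions) if permissions is not None else []

    def claims(self) -> dict:
        return {"kid": self.kid, "permissions": list(self.permissions)}


def grant_then_build(cls) -> dict:
    """Grant a permission on one generator, then build an unrelated default one."""
    admin = cls("admin-key")  # constructed key id
    admin.permissions.append("object.delete")  # constructed permission name
    readonly = cls("readonly-key")  # caller expects an empty permission set
    return readonly.claims()


if __name__ == "__main__":
    print("shared default:", grant_then_build(SharedDefaultGenerator))
    print("fresh default: ", grant_then_build(FreshDefaultGenerator))
```

Ruff reports the first constructor as B006 (mutable argument default) when the flake8-bugbear rules are enabled, which is why it carries a `noqa` marker here.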
@lcian lcian requested a review from a team as a code owner February 24, 2026 11:37

github-actions bot commented Feb 24, 2026

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


New Features ✨

  • (clients) Add static token auth, consolidate token generator by lcian in #330
  • (python-client) Improve retries for compressed bodies by lcian in #329

Bug Fixes 🐛

  • (python-client) Avoid mutable default argument in TokenGenerator by lcian in #336
  • (rust-client) Check HTTP status on DELETE responses by lcian in #333

🤖 This preview updates automatically when you update the PR.

Base automatically changed from feat/static-token-auth to main February 24, 2026 12:35
@lcian lcian enabled auto-merge (squash) February 24, 2026 12:36
@lcian lcian merged commit 6fdb9a2 into main Feb 24, 2026
21 checks passed
@lcian lcian deleted the fix/mutable-default-permissions branch February 24, 2026 12:47