Skip to content

ccproxy.auth.managers.token_snapshot

ccproxy.auth.managers.token_snapshot

Shared token snapshot model for credential managers.

TokenSnapshot dataclass 

TokenSnapshot(
    provider=None,
    account_id=None,
    access_token=None,
    refresh_token=None,
    expires_at=None,
    scopes=(),
    extras=dict(),
)

Immutable view over sensitive token metadata.

Token managers return this lightweight structure to share credential state without exposing implementation details. Secrets should only appear in the access/refresh token fields and remain masked when rendered via the helper methods.

has_access_token 

has_access_token()

Whether an access token is present.

Source code in ccproxy/auth/managers/token_snapshot.py 
29
30
31
def has_access_token(self) -> bool:
    """Whether an access token is present."""
    return bool(self.access_token)

has_refresh_token 

has_refresh_token()

Whether a refresh token is present.

Source code in ccproxy/auth/managers/token_snapshot.py 
33
34
35
def has_refresh_token(self) -> bool:
    """Whether a refresh token is present."""
    return bool(self.refresh_token)

access_token_preview 

access_token_preview(visible=8)

Return a masked preview of the access token.

Source code in ccproxy/auth/managers/token_snapshot.py 
37
38
39
40
41
42
43
44
def access_token_preview(self, visible: int = 8) -> str | None:
    """Return a masked preview of the access token."""
    token = self.access_token
    if not token:
        return None
    if visible <= 0 or len(token) <= visible * 2:
        return "*" * len(token)
    return f"{token[:visible]}...{token[-visible:]}"

refresh_token_preview 

refresh_token_preview(visible=4)

Return a masked preview of the refresh token.

Source code in ccproxy/auth/managers/token_snapshot.py 
46
47
48
49
50
51
52
53
def refresh_token_preview(self, visible: int = 4) -> str | None:
    """Return a masked preview of the refresh token."""
    token = self.refresh_token
    if not token:
        return None
    if visible <= 0 or len(token) <= visible * 2:
        return "*" * len(token)
    return f"{token[:visible]}...{token[-visible:]}"

expires_in_seconds 

expires_in_seconds()

Return seconds until expiration when available.

Source code in ccproxy/auth/managers/token_snapshot.py 
55
56
57
58
59
60
61
def expires_in_seconds(self) -> int | None:
    """Return seconds until expiration when available."""
    if not self.expires_at:
        return None
    now = datetime.now(UTC)
    delta = self.expires_at - now
    return max(0, int(delta.total_seconds()))

with_scopes 

with_scopes(scopes)

Return a copy with the provided scopes tuple.

Source code in ccproxy/auth/managers/token_snapshot.py 
63
64
65
66
67
68
69
70
71
72
73
74
def with_scopes(self, scopes: Iterable[str]) -> TokenSnapshot:
    """Return a copy with the provided scopes tuple."""
    scope_tuple = tuple(scope for scope in scopes if scope)
    return TokenSnapshot(
        provider=self.provider,
        account_id=self.account_id,
        access_token=self.access_token,
        refresh_token=self.refresh_token,
        expires_at=self.expires_at,
        scopes=scope_tuple,
        extras=dict(self.extras),
    )