Token Manager¶

class TokenManager(config: ConfigManager)[source]¶

The TokenManager class handles all operations related to the token lifecycle, including fetching, saving, and validating the access token.

It is initialized with a ConfigManager instance, which provides the necessary credentials.

Parameters:: config (ConfigManager) – A ConfigManager instance for managing credentials and configurations.

load_token() → AccessToken[source]¶

Loads the AccessToken and its expiration from the keyring.

If either the AccessToken string or AccessToken expiration cannot be retrieved, a CredentialError is raised.

Returns:: An AccessToken object containing the token and its expiration date.
Return type:: AccessToken

attach_client() → JamfCredentials[source]¶

Creates and returns a JamfCredentials object using the stored credentials.

Returns:: The JamfCredentials object if validation is successful.
Return type:: JamfCredentials
Raises:: PatcherError – If JamfCredentials object fails pydantic validation.

async fetch_token() → AccessToken[source]¶

Asynchronously fetches a new access token from the Jamf API. The token is then saved and returned for use.

Returns:: The fetched AccessToken instance.
Return type:: AccessToken
Raises:: TokenError – If a token cannot be retrieved from the Jamf API.

save_token(token: AccessToken)[source]¶

This method stores the access token and its expiration date in the keyring for later retrieval.

Parameters:: token (AccessToken) – The AccessToken instance containing the token and its expiration date.
Raises:: TokenError – If either the token string or expiration could not be saved.

async ensure_valid_token() → AccessToken[source]¶

Verify the current access token is valid (present and not expired); refresh it if not. Pydantic ValidationError from the underlying token or client objects is translated to TokenError so callers see a single, consistent exception type for token-validation failures.

Called by _headers() on every Jamf request. Every API method on JamfClient builds its headers via that method, so token validation runs exactly once per request without a separate decorator.

Returns:: The AccessToken object by way of self.token property.
Return type:: AccessToken
Raises:: TokenError – If the access token or jamf client fail pydantic validation, or if a refresh attempt fails.