From adfa8fc3d850ce7cd32ebf9e5d428277d44c9f6a Mon Sep 17 00:00:00 2001
From: Jacob Brewer
Date: Fri, 24 Jan 2025 16:29:54 +0000
Subject: [PATCH] feat(auth): Adding token auth (#39)

Adding token auth
---
 client.go | 2 --
 client_opts.go | 22 ++++++++++++++++++++--
 token.go | 8 ++++++++
 3 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 token.go

diff --git a/client.go b/client.go
index 097483a..1a87798 100644
--- a/client.go
+++ b/client.go
@@ -89,8 +89,6 @@ func NewClient(opts ...ClientOption) (Client, error) {
 c.authCreds = authCreds
- go c.renewAuthInfo()
-
 return c, nil
 }
diff --git a/client_opts.go b/client_opts.go
index f1d0109..7735e10 100644
--- a/client_opts.go
+++ b/client_opts.go
@@ -36,10 +36,23 @@ func WithConfig(config *hashiVault.Config) ClientOption {
 }
 }
+func WithTokenAuth(token string) ClientOption {
+ return func(c *client) {
+ c.auth = func(v *hashiVault.Client) (*hashiVault.Secret, error) {
+ return tokenLogin(v, token)
+ }
+ }
+}
+
 func WithAppRoleAuth(roleID, secretID string) ClientOption {
 return func(c *client) {
 c.auth = func(v *hashiVault.Client) (*hashiVault.Secret, error) {
- return appRoleLogin(v, roleID, secretID)
+ sec, err := appRoleLogin(v, roleID, secretID)
+ if err != nil {
+ return nil, err
+ }
+ go c.renewAuthInfo()
+ return sec, nil
 }
 }
 }
@@ -47,7 +60,12 @@ func WithAppRoleAuth(roleID, secretID string) ClientOption {
 func WithUserPassAuth(username, password string) ClientOption {
 return func(c *client) {
 c.auth = func(v *hashiVault.Client) (*hashiVault.Secret, error) {
- return userPassLogin(v, username, password)
+ sec, err := userPassLogin(v, username, password)
+ if err != nil {
+ return nil, err
+ }
+ go c.renewAuthInfo()
+ return sec, nil
 }
 }
 }
diff --git a/token.go b/token.go
new file mode 100644
index 0000000..24e233a
--- /dev/null
+++ b/token.go
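Review bot: In `WithAppRoleAuth`, `go c.renewAuthInfo()` now starts inside the `c.auth` closure, which runs before `NewClient` reaches `c.authCreds = authCreds` (the context line in the client.go hunk), so the renewal goroutine can observe an unset `authCreds` if it reads that field; its body is not shown here. The same closure spawns a fresh goroutine on every successful call, so any re-authentication path would leave several renewers running against one client. The following hunk repeats the pattern in `WithUserPassAuth`. Consider having the option only record that renewal is wanted and letting `NewClient` start the goroutine once after the credentials are stored, for example `if c.renewable { go c.renewAuthInfo() }` with `renewable` as a new field (name is a suggestion). `WithTokenAuth` would also benefit from a doc comment stating that the supplied token is never renewed and that an empty token is not rejected.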
@@ -0,0 +1,8 @@
+package vaulty
+
+import hashiVault "github.com/hashicorp/vault/api"
+
+func tokenLogin(v *hashiVault.Client, token string) (*hashiVault.Secret, error) {
+ v.SetToken(token)
+ return v.Auth().Token().LookupSelf()
+}
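Review bot: `tokenLogin` returns the result of `LookupSelf()` as if it were a login response, but a lookup-self secret describes the token in `Data` and normally carries a nil `Auth`, so any caller that reads `secret.Auth.ClientToken` or lease fields the way the AppRole and userpass paths presumably do would dereference nil; the callers are outside this hunk, so confirm. Reading the values through the `Secret` helpers (`TokenID()`, `TokenTTL()`, `TokenIsRenewable()`) works for both response shapes. `v.SetToken(token)` is also applied before the token is validated, so a failed lookup leaves the rejected token installed on the shared client; capture `prev := v.Token()` first and call `v.SetToken(prev)` in the error branch. An empty `token` should be rejected up front with an error rather than sent to Vault.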