loadBearerToken function

String? loadBearerToken()

Loads the bearer token for gRPC calls.

Token loading priority:

  1. KUMIHO_AUTH_TOKEN environment variable
  2. Firebase ID token from credentials file
  3. Control Plane token from credentials file (if KUMIHO_USE_CONTROL_PLANE_TOKEN=true)

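In the implementation below, enabling KUMIHO_USE_CONTROL_PLANE_TOKEN moves the Control Plane token ahead of the Firebase ID token. When the flag is not enabled, the Control Plane token is still used as a fallback if the ID token is empty.

Returns null if no token is available. Throws InvalidTokenFormatException if a token is found but has an invalid format.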

Implementation

String? loadBearerToken() {
  // 1. Check environment variable first
  final envToken = _normalize(Platform.environment[AuthEnvVars.authToken]);
  if (envToken != null) {
    return validateTokenFormat(envToken, source: 'KUMIHO_AUTH_TOKEN');
  }

  // 2. Load from credentials file
  final credentials = loadCredentials();
  if (credentials == null) {
    return null;
  }

  // 3. Check preference for Control Plane token
  final preferCp = _envFlag(AuthEnvVars.useControlPlaneToken);
  if (preferCp && credentials.controlPlaneToken != null) {
    return validateTokenFormat(
      credentials.controlPlaneToken,
      source: 'control_plane_token',
    );
  }

  // 4. Prefer Firebase token
  if (credentials.idToken.isNotEmpty) {
    return validateTokenFormat(credentials.idToken, source: 'id_token');
  }

  // 5. Fallback to Control Plane token
  if (credentials.controlPlaneToken != null) {
    return validateTokenFormat(
      credentials.controlPlaneToken,
      source: 'control_plane_token',
    );
  }

  return null;
}
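
The resolution order above, as an added diagnostic example (not part of the kumiho package): it reports which source would supply the token, without returning or printing the token itself. The `Creds` class, `normalize`, and the flag parsing are assumptions standing in for the package's credentials type, `_normalize`, and `_envFlag`.

```dart
// Hypothetical stand-in for the parsed credentials file.
class Creds {
  final String idToken;
  final String? controlPlaneToken;
  const Creds({this.idToken = '', this.controlPlaneToken});
}

// Assumption: blank or whitespace-only values count as unset.
String? normalize(String? v) {
  final t = v?.trim();
  return (t == null || t.isEmpty) ? null : t;
}

/// Returns the label of the source the documented order selects, or null.
/// Only the label is returned, so the result is safe to log.
String? effectiveTokenSource(Map<String, String> env, Creds? creds) {
  if (normalize(env['KUMIHO_AUTH_TOKEN']) != null) return 'KUMIHO_AUTH_TOKEN';
  if (creds == null) return null;
  // Assumption: the flag is enabled only by the value "true".
  final preferCp =
      normalize(env['KUMIHO_USE_CONTROL_PLANE_TOKEN'])?.toLowerCase() == 'true';
  final hasCp = creds.controlPlaneToken != null;
  if (preferCp && hasCp) return 'control_plane_token';
  if (creds.idToken.isNotEmpty) return 'id_token';
  // Fallback applies even when the flag is not set.
  return hasCp ? 'control_plane_token' : null;
}

void show(String name, Map<String, String> env, Creds? creds) {
  print('$name -> ${effectiveTokenSource(env, creds) ?? 'none'}');
}

void main() {
  // Constructed sample inputs; token values are placeholders.
  const both = Creds(idToken: 'ID', controlPlaneToken: 'CP');
  const cpOnly = Creds(controlPlaneToken: 'CP');
  show('env var set, file has both', {'KUMIHO_AUTH_TOKEN': 'ENV'}, both);
  show('blank env var, file has both', {'KUMIHO_AUTH_TOKEN': '  '}, both);
  show('flag true, file has both',
      {'KUMIHO_USE_CONTROL_PLANE_TOKEN': 'true'}, both);
  show('flag unset, file has both', {}, both);
  show('flag unset, only CP token', {}, cpOnly);
  show('no env var, no file', {}, null);
}
```

A leftover KUMIHO_AUTH_TOKEN in a shell or CI environment overrides the credentials file, so checking the effective source is a quick way to confirm which identity a client is presenting.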