feat(client): Add mint_token() method to Session API

[matt-codecov]

In lieu of pre-signed URLs, Session can expose a token that can be passed alongside an unsigned URL to temporarily confer access permission.

Ref FS-329

[github-actions]

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

Client

• Add mint_token() method to Session API by matt-codecov in #416

• Add mint_token() method to Session API by matt-codecov in #416
• Add 100 MB per-batch body size limit by jan-auer in #417
• Add put_path for lazy file descriptor opening by jan-auer in #415

Internal Changes 🔧

• (client) Refactor many API into combinator pipeline by lcian in #391
• (config) Collapse dual storage fields into a single StorageConfig by jan-auer in #384

Other

• release: 0.1.4 by getsentry-bot in 13f2b3ce
• release: 0.1.3 by getsentry-bot in 55decd0b

---

_{🤖 This preview updates automatically when you update the PR.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Walrus operator silently drops falsy token values
  • Changed the walrus condition to an explicit is not None check so empty-string tokens still produce an Authorization header as before.

Or push these changes by commenting:

@cursor push 529644ee64

Preview (529644ee64)

diff --git a/clients/python/src/objectstore_client/client.py b/clients/python/src/objectstore_client/client.py
--- a/clients/python/src/objectstore_client/client.py
+++ b/clients/python/src/objectstore_client/client.py
@@ -244,7 +244,7 @@
             headers.update(
                 dict(sentry_sdk.get_current_scope().iter_trace_propagation_headers())
             )
-        if token := self.mint_token():
+        if (token := self.mint_token()) is not None:
             headers["Authorization"] = f"Bearer {token}"
         return headers

_{This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.}

[cursor]

Walrus operator silently drops falsy token values

Low Severity

The refactored _make_headers uses if token := self.mint_token(): which is a truthiness check. If self._token is an empty string "", mint_token() returns "", and the walrus operator evaluates it as falsy, so the Authorization header is silently omitted. The original code unconditionally set the header for any str token. The Rust counterpart (if let Some(token)) doesn't have this asymmetry — it matches any Some value. Using is not None instead of truthiness would preserve the original behavior and stay consistent with Rust.

 

[matt-codecov]

this is fine imo

[linear-code]

FS-329 [auth] deploy objectstore auth in symbolicator