chore: prepare new release(s)

Author: BatmanAoD

Cargo.lock

@@ -31,17 +31,17 @@
     oauth2-test-server = '=0.1.3'
     once_cell = '1.17.0'
     openapiv3 = '2.0'
-    opentelemetry = '0.30.0'
-    opentelemetry-http = '0.30.0'
-    opentelemetry_sdk = '0.30.0'
+    opentelemetry = '0.31'
+    opentelemetry-http = '0.31'
+    opentelemetry_sdk = '0.31'
     optipy = '0.1.0'
-    pbjson = '0.7.0'
-    pbjson-build = '0.7.0'
-    pbjson-types = '0.7.0'
+    pbjson = '0.9.0'
+    pbjson-build = '0.9.0'
+    pbjson-types = '0.9.0'
     prettyplease = '0.2'
-    prost = '0.13.3'
-    prost-build = '0.13.3'
-    prost-types = '0.13.3'
+    prost = '0.14.1'
+    prost-build = '0.14.1'
+    prost-types = '0.14.1'
     pyo3-build-config = '0.27.2'
     pyo3-stub-gen = '0.17.2'
     rigetti-pyo3 = '0.5.4'
@@ -58,11 +58,13 @@
     tempfile = '3.3.0'
     thiserror = '2.0'
     toml_edit = '0.23.7'
-    tonic-build = '0.13.1'
-    tonic-health = '0.13.1'
-    tonic-web = '0.13.1'
+    tonic-build = '0.14.2'
+    tonic-health = '0.14.2'
+    tonic-prost = '0.14.2'
+    tonic-prost-build = '0.14.2'
+    tonic-web = '0.14.2'
     tracing = '0.1.41'
-    tracing-opentelemetry = '0.31.0'
+    tracing-opentelemetry = '0.32.0'
     tracing-subscriber = '0.3.18'
     urlpattern = '0.4.0'
     walkdir = '2.5'
@@ -106,38 +108,38 @@
 
     [workspace.dependencies.qcs-api-client-common]
       path = 'qcs-api-client-common'
-      version = '0.17.6'
+      version = '0.18.0'
 
     [workspace.dependencies.qcs-api-client-grpc]
       path = 'qcs-api-client-grpc'
-      version = '0.17.6'
+      version = '0.18.0'
 
     [workspace.dependencies.qcs-api-client-grpc-internal]
       path = 'qcs-api-client-grpc-internal'
       registry = 'rigetti-cargo'
-      version = '0.18.6'
+      version = '0.19.0'
 
     [workspace.dependencies.qcs-api-client-openapi]
       path = 'qcs-api-client-openapi/public'
-      version = '0.18.6'
+      version = '0.19.0'
 
     [workspace.dependencies.qcs-api-client-openapi-internal]
       path = 'qcs-api-client-openapi/internal'
       registry = 'rigetti-cargo'
-      version = '0.18.6'
+      version = '0.19.0'
 
     [workspace.dependencies.reqwest]
       default-features = false
-      features = ['json', 'rustls-tls-native-roots']
-      version = '0.12.5'
+      features = ['form', 'json', 'query', 'rustls', 'system-proxy']
+      version = '0.13'
 
     [workspace.dependencies.reqwest-middleware]
-      features = ['json']
-      version = '>0.3.0,<0.5'
+      features = ['json', 'query']
+      version = '0.5'
 
     [workspace.dependencies.reqwest-tracing]
-      features = ['opentelemetry_0_30']
-      version = '0.5.8'
+      features = ['opentelemetry_0_31']
+      version = '0.7'
 
     [workspace.dependencies.rigetti-hyper-proxy]
       default-features = false
@@ -176,7 +178,7 @@
 
     [workspace.dependencies.tonic]
       features = ['tls-native-roots', 'gzip']
-      version = '0.13.1'
+      version = '0.14.2'
 
     [workspace.dependencies.tower]
       features = ['retry', 'util']

Cargo.toml

@@ -1,3 +1,13 @@
+## 0.18.0 (2026-05-04)
+
+### Breaking Changes
+
+- upgrade tonic
+
+### Fixes
+
+- Return valid OAuthSession even if there is a WriteError
+
 ## 0.17.6 (2026-04-21)
 
 ### Fixes

qcs-api-client-common/CHANGELOG.md

@@ -71,7 +71,7 @@
 
   [dependencies.reqwest]
     default-features = false
-    features = ['socks', 'rustls-tls-native-roots']
+    features = ['socks']
     workspace = true
 
   [dependencies.rigetti-pyo3]
@@ -220,7 +220,7 @@
   publish = true
   readme = 'README.md'
   repository = 'https://github.com/rigetti/qcs-api-client-rust'
-  version = '0.17.6'
+  version = '0.18.0'
 
   [package.metadata]
     [package.metadata.docs]

qcs-api-client-common/Cargo.toml

@@ -1,7 +1,7 @@
 [project]
 name = "qcs-api-client-common"
 requires-python = ">=3.10,<4"
-version = "0.17.6"
+version = "0.18.0"
 description = "Contains core QCS client functionality and middleware implementations."
 readme = "README-py.md"
 license = { text = "Apache-2.0" }

qcs-api-client-common/pyproject.toml

@@ -90,8 +90,15 @@ pub enum TokenError {
     #[error("Failed to request an externally managed access token: {0}")]
     ExternallyManaged(String),
     /// Failure writing the new access token to the secrets file.
-    #[error("Failed to write the new access token to the secrets file. Setting `{SECRETS_READ_ONLY_VAR}=true` in the environment will skip persistence of newly acquired tokens. Error details: {0}")]
-    Write(#[from] WriteError),
+    #[error("Failed to write the new access token to the secrets file. Setting `{SECRETS_READ_ONLY_VAR}=true` in the environment will skip persistence of newly acquired tokens. Error details: {error}")]
+    Write {
+        /// The underlying write error.
+        error: WriteError,
+        /// The successfully refreshed OAuth session that failed to persist. The token is valid and can be used despite the write failure.
+        ///
+        /// Boxed to reduce the size of the `TokenError` enum and avoid `clippy::result_large_err` warnings.
+        oauth_session: Box<super::OAuthSession>,
+    },
     /// Failure fetching the OIDC discovery document.
     #[error("Failed to fetch the OIDC discovery document: {0}")]
     Discovery(#[from] DiscoveryError),

qcs-api-client-common/src/configuration/error.rs

@@ -47,7 +47,7 @@ pub enum PkceLoginError {
     #[error(transparent)]
     RedirectListenerError(#[from] RedirectListenerError),
     #[error(transparent)]
-    ReqwestClient(#[from] reqwest::Error),
+    ReqwestClient(#[from] oauth2::reqwest::Error),
     #[error("Error joining redirect listener task: {0}")]
     JoinError(#[from] tokio::task::JoinError),
     #[error("The redirect response's verifier state doesn't match the expected values")]
@@ -56,7 +56,7 @@ pub enum PkceLoginError {
     RequestToken(
         #[from]
         RequestTokenError<
-            HttpClientError<reqwest::Error>,
+            HttpClientError<oauth2::reqwest::Error>,
             StandardErrorResponse<BasicErrorResponseType>,
         >,
     ),
@@ -120,7 +120,7 @@ pub(crate) async fn pkce_login(
 
     if cfg!(test) {
         // Tests are headless, and should use an oauth2 request that does not require entering credentials.
-        let client = reqwest::Client::new();
+        let client = oauth2::reqwest::Client::new();
         println!("Requesting auth URL: {auth_url}");
         client.get(auth_url).send().await?.error_for_status()?;
     } else {
@@ -140,9 +140,9 @@ pub(crate) async fn pkce_login(
         return Err(PkceLoginError::CodeChallengeMismatch);
     }
 
-    let http_client = reqwest::ClientBuilder::new()
+    let http_client = oauth2::reqwest::ClientBuilder::new()
         // Following redirects opens the client up to SSRF vulnerabilities.
-        .redirect(reqwest::redirect::Policy::none())
+        .redirect(oauth2::reqwest::redirect::Policy::none())
         .build()?;
 
     let token_result = client

qcs-api-client-common/src/configuration/pkce.rs

@@ -596,34 +596,50 @@ impl TokenDispatcher {
         let oauth_session = refresh_fn(self.lock.clone()).await?;
 
         // If the config source is a file, write the new access token to the file
-        if let ConfigSource::File {
+        let write_result = if let ConfigSource::File {
             settings_path: _,
             secrets_path,
         } = source
         {
-            if !Secrets::is_read_only(secrets_path).await? {
-                // If the payload is a PkceFlow, write the fresh refresh token if available.
-                let refresh_token = match &oauth_session.payload {
-                    OAuthGrant::PkceFlow(payload) => {
-                        payload.refresh_token.as_ref().map(|rt| &rt.refresh_token)
-                    }
-                    _ => None,
-                };
-
-                let now = OffsetDateTime::now_utc();
-                Secrets::write_tokens(
-                    secrets_path,
-                    profile,
-                    refresh_token,
-                    oauth_session.access_token()?,
-                    now,
-                )
-                .await?;
+            match Secrets::is_read_only(secrets_path).await {
+                Ok(true) => Ok(()),
+                Ok(false) => {
+                    // If the payload is a PkceFlow, write the fresh refresh token if available.
+                    let refresh_token = match &oauth_session.payload {
+                        OAuthGrant::PkceFlow(payload) => {
+                            payload.refresh_token.as_ref().map(|rt| &rt.refresh_token)
+                        }
+                        _ => None,
+                    };
+
+                    let now = OffsetDateTime::now_utc();
+                    Secrets::write_tokens(
+                        secrets_path,
+                        profile,
+                        refresh_token,
+                        oauth_session.access_token()?,
+                        now,
+                    )
+                    .await
+                }
+                Err(e) => Err(e),
             }
-        }
+        } else {
+            Ok(())
+        };
 
+        // Always clean up the refreshing lock, even if write failed
         *self.refreshing.lock().await = false;
         self.notify_refreshed.notify_waiters();
+
+        // If write failed, return error with the valid oauth_session
+        if let Err(error) = write_result {
+            return Err(TokenError::Write {
+                error,
+                oauth_session: Box::new(oauth_session),
+            });
+        }
+
         Ok(oauth_session)
     }
 
@@ -897,7 +913,22 @@ impl TokenRefresher for ClientConfiguration {
     }
 
     async fn refresh_access_token(&self) -> Result<SecretAccessToken, Self::Error> {
-        Ok(self.refresh().await?.access_token()?.clone())
+        match self.refresh().await {
+            Ok(session) => Ok(session.access_token()?.clone()),
+            Err(TokenError::Write {
+                error,
+                oauth_session,
+            }) => {
+                // Token refresh succeeded but persistence failed. Extract and return the access token from the error.
+                #[cfg(feature = "tracing")]
+                tracing::warn!(
+                    "Token refresh succeeded but failed to persist: {}. Returning access token from error.",
+                    error
+                );
+                Ok(oauth_session.access_token()?.clone())
+            }
+            Err(e) => Err(e),
+        }
     }
 
     async fn get_access_token(&self) -> Result<Option<SecretAccessToken>, Self::Error> {

qcs-api-client-common/src/configuration/tokens.rs

@@ -1,3 +1,13 @@
+## 0.18.0 (2026-05-04)
+
+### Breaking Changes
+
+- upgrade tonic
+
+### Fixes
+
+- Return valid OAuthSession even if there is a WriteError
+
 ## 0.17.6 (2026-04-21)
 
 ### Fixes

qcs-api-client-grpc/CHANGELOG.md

@@ -8,6 +8,9 @@
   [build-dependencies.tonic-build]
     workspace = true
 
+  [build-dependencies.tonic-prost-build]
+    workspace = true
+
 [dependencies]
   [dependencies.backoff]
     features = ['tokio']
@@ -77,6 +80,9 @@
   [dependencies.tonic]
     workspace = true
 
+  [dependencies.tonic-prost]
+    workspace = true
+
   [dependencies.tonic-web]
     optional = true
     workspace = true
@@ -164,4 +170,4 @@
   publish = true
   readme = 'README.md'
   repository = 'https://github.com/rigetti/qcs-api-client-rust'
-  version = '0.17.6'
+  version = '0.18.0'