CompareHashAndPassword compares a hashed client token with its possible plain text equivalent.

NewBackoffHandler creates a backoff handler that will respond to PermissionDenied errors in other services by attempting to refresh the current JWT token.

WithServer specifies that an IPC server should be started so other processes can request tokens from this process.

WithSocketNameSuffix specifies the (optional) suffix of the socket name.

TokenRefreshWindow indicates how soon before actual expiration the STS token will be considered expired.

Server encapsulates the receiving and queueing of token requests by other robot processes.

Option defines an option that can be set on the token server.