Module: AgentHarness::Authentication

Defined in:

lib/agent_harness/authentication.rb

Overview

Authentication management for CLI agent providers

Provides methods for checking auth status, generating OAuth URLs, and refreshing credentials for providers that support it.

Class Method Summary

• .auth_capabilities(provider_name) ⇒ Hash

  Get authentication flow capabilities for a provider.

• .auth_status(provider_name) ⇒ Hash

  Get detailed authentication status for a provider.

• .auth_url(provider_name) ⇒ String

  Generate an OAuth URL for a provider.

• .auth_url_supported?(provider_name) ⇒ Boolean

  Check whether OAuth URL generation is supported for a provider.

• .auth_valid?(provider_name) ⇒ Boolean

  Check if authentication is valid for a provider.

• .refresh_auth(provider_name, token: nil) ⇒ Hash

  Refresh authentication credentials for a provider.

• .refresh_auth_supported?(provider_name) ⇒ Boolean

  Check whether credential refresh is supported for a provider.

Class Method Details

.auth_capabilities(provider_name) ⇒ Hash

Get authentication flow capabilities for a provider.

Parameters:

• provider_name (Symbol) —

  the provider name

Returns:

• (Hash) —

  capabilities with :auth_type, :auth_url, :refresh keys

Raises:

• (ProviderNotFoundError) —

  if provider is unknown

# File 'lib/agent_harness/authentication.rb', line 43

def auth_capabilities(provider_name)
  provider_name = provider_name.to_sym
  provider = resolve_provider(provider_name)
  canonical_name = Providers::Registry.instance.canonical_name(provider_name)
  flow_supported = claude_oauth_flow_provider?(provider_name, canonical_name)

  {
    auth_type: provider.auth_type,
    auth_url: flow_supported,
    refresh: flow_supported
  }
end

.auth_status(provider_name) ⇒ Hash

Get detailed authentication status for a provider

Parameters:

• provider_name (Symbol) —

  the provider name

Returns:

• (Hash) —

  status with :valid, :expires_at, :error keys

# File 'lib/agent_harness/authentication.rb', line 28

def auth_status(provider_name)
  provider_name = provider_name.to_sym
  case provider_name
  when :claude, :anthropic
    claude_auth_status
  else
    generic_auth_status(provider_name)
  end
end

.auth_url(provider_name) ⇒ String

Generate an OAuth URL for a provider

Only supported for :oauth auth type providers.

Parameters:

• provider_name (Symbol) —

  the provider name

Returns:

• (String) —

  the OAuth authorization URL

Raises:

• (UnsupportedAuthFlowError) —

  if provider doesn’t support OAuth

# File 'lib/agent_harness/authentication.rb', line 72

def auth_url(provider_name)
  provider_name = provider_name.to_sym
  provider = resolve_provider(provider_name)

  unless provider.auth_type == :oauth
    raise UnsupportedAuthFlowError,
      "Provider #{provider_name} uses #{provider.auth_type} auth and does not support OAuth URL generation"
  end

  case provider_name
  when :claude, :anthropic
    claude_auth_url
  else
    raise UnsupportedAuthFlowError,
      "OAuth URL generation is not yet implemented for provider #{provider_name}"
  end
end

.auth_url_supported?(provider_name) ⇒ Boolean

Check whether OAuth URL generation is supported for a provider.

Parameters:

• provider_name (Symbol) —

  the provider name

Returns:

• (Boolean) —

  true if auth_url can be called for the provider

Raises:

• (ProviderNotFoundError) —

  if provider is unknown

# File 'lib/agent_harness/authentication.rb', line 61

def auth_url_supported?(provider_name)
  auth_capabilities(provider_name)[:auth_url]
end

.auth_valid?(provider_name) ⇒ Boolean

Check if authentication is valid for a provider

Parameters:

• provider_name (Symbol) —

  the provider name

Returns:

• (Boolean) —

  true if auth is valid, false otherwise

# File 'lib/agent_harness/authentication.rb', line 19

def auth_valid?(provider_name)
  status = auth_status(provider_name)
  !!status[:valid]
end

.refresh_auth(provider_name, token: nil) ⇒ Hash

Refresh authentication credentials for a provider

For OAuth providers, stores a pre-exchanged token directly. This method accepts a token (not an authorization code) because the OAuth code-exchange flow is provider-specific and should be handled by the caller or a CLI login command before calling this. For API key providers, raises UnsupportedAuthFlowError.

Parameters:

• provider_name (Symbol) —

  the provider name

• token (String) (defaults to: nil) —

  OAuth token to store (must be non-blank)

Returns:

• (Hash) —

  result with :success key

Raises:

• (UnsupportedAuthFlowError) —

  if provider doesn’t support credential refresh

# File 'lib/agent_harness/authentication.rb', line 111

def refresh_auth(provider_name, token: nil)
  provider_name = provider_name.to_sym
  provider = resolve_provider(provider_name)

  unless provider.auth_type == :oauth
    raise UnsupportedAuthFlowError,
      "Provider #{provider_name} uses #{provider.auth_type} auth and does not support credential refresh"
  end

  case provider_name
  when :claude, :anthropic
    refresh_claude_auth(token: token)
  else
    raise UnsupportedAuthFlowError,
      "Credential refresh is not yet implemented for provider #{provider_name}"
  end
end

.refresh_auth_supported?(provider_name) ⇒ Boolean

Check whether credential refresh is supported for a provider.

Parameters:

• provider_name (Symbol) —

  the provider name

Returns:

• (Boolean) —

  true if refresh_auth can be called for the provider

Raises:

• (ProviderNotFoundError) —

  if provider is unknown

# File 'lib/agent_harness/authentication.rb', line 95

def refresh_auth_supported?(provider_name)
  auth_capabilities(provider_name)[:refresh]
end