Class: Anthropic::Credentials::ConfigProvider

Inherits:

Object

• Object
• Anthropic::Credentials::ConfigProvider

Defined in:

lib/anthropic/credentials/config_provider.rb

Overview

Abstract base for access-token providers backed by a config object, whether read from disk (CredentialsFile) or supplied in memory (InMemoryConfig).

Subclasses must implement:

• load_config (private) – parse and cache the config hash into @config, populate @base_url (validated via require_https!), and resolve @credentials_path if applicable. Idempotent.

• config_source (private) – a string used in error messages to identify the configuration’s origin (a file path or a sentinel).

Direct Known Subclasses

CredentialsFile, InMemoryConfig

Instance Method Summary

• #bind_base_url(base_url) ⇒ void

  Sets the owning client’s base_url as a fallback for token exchange.

• #call(force_refresh: false) ⇒ AccessToken

  Returns an access token, performing token exchange if necessary.

• #extra_headers ⇒ Hash{String => String}

  Returns headers derived from the config (e.g., workspace_id).

• #initialize ⇒ ConfigProvider constructor

  A new instance of ConfigProvider.

• #resolved_base_url ⇒ String^?

  Returns the base_url from the config, if set.

Constructor Details

#initialize ⇒ ConfigProvider

Returns a new instance of ConfigProvider.

# File 'lib/anthropic/credentials/config_provider.rb', line 16

def initialize
  @config = nil
  @credentials_path = nil
  @base_url = nil
  @bound_base_url = nil
  @workload_delegate = nil
end

Instance Method Details

#bind_base_url(base_url) ⇒ void

This method returns an undefined value.

Sets the owning client’s base_url as a fallback for token exchange.

Parameters:

• base_url (String) —

  the base URL (must be HTTPS except for localhost)

# File 'lib/anthropic/credentials/config_provider.rb', line 59

def bind_base_url(base_url)
  bound = base_url.to_s.chomp("/")
  Anthropic::Config.require_https!(bound, field: "base_url")
  @bound_base_url = bound

  return unless @config
  @base_url = resolve_base_url(@config)
  Anthropic::Config.require_https!(@base_url, field: "#{config_source}: base_url")
end

#call(force_refresh: false) ⇒ AccessToken

Returns an access token, performing token exchange if necessary.

Parameters:

• force_refresh (Boolean) (defaults to: false) —

  if true, bypasses any cached token

Returns:

• (AccessToken) —

  the access token

Raises:

• (Anthropic::Errors::ConfigurationError) —

  on configuration errors

• (WorkloadIdentityError) —

  on token exchange failures

# File 'lib/anthropic/credentials/config_provider.rb', line 30

def call(force_refresh: false)
  auth = auth_block
  auth_type = auth[:type]

  case auth_type
  when AUTH_TYPE_OIDC_FEDERATION
    call_oidc_federation(auth, force_refresh: force_refresh)
  when AUTH_TYPE_USER_OAUTH
    call_user_oauth(auth, force_refresh: force_refresh)
  else
    raise Anthropic::Errors::ConfigurationError,
          "Unknown authentication.type #{auth_type.inspect} at #{config_source}. " \
          "Expected #{AUTH_TYPE_OIDC_FEDERATION.inspect} or #{AUTH_TYPE_USER_OAUTH.inspect}."
  end
end

#extra_headers ⇒ Hash{String => String}

Returns headers derived from the config (e.g., workspace_id).

Returns:

• (Hash{String => String}) —

  headers to merge into API requests

# File 'lib/anthropic/credentials/config_provider.rb', line 72

def extra_headers
  config = load_config
  headers = {}

  auth_type = config[:authentication][:type]
  if auth_type != AUTH_TYPE_OIDC_FEDERATION
    workspace_id = config[:workspace_id]
    headers["anthropic-workspace-id"] = workspace_id.to_s if workspace_id
  end

  headers
end

#resolved_base_url ⇒ String^?

Returns the base_url from the config, if set.

Returns:

• (String, nil) —

  the base URL, or nil if not configured

# File 'lib/anthropic/credentials/config_provider.rb', line 49

def resolved_base_url
  config = load_config
  raw = config[:base_url]
  raw ? raw.to_s.chomp("/") : nil
end