Class: Anthropic::Credentials::InMemoryConfig

Inherits:

ConfigProvider

• Object
• ConfigProvider
• Anthropic::Credentials::InMemoryConfig

Defined in:

lib/anthropic/credentials/in_memory_config.rb

Overview

An access token provider driven by an in-memory configuration hash.

Instead of reading from a config file, InMemoryConfig accepts a hash with the same shape as configs/<profile>.json, allowing flexible configuration without filesystem dependencies. This approach matches the behavior of Go SDK’s optionoption.WithConfig and TypeScript SDK’s ClientOptions.config.

Dispatches on the authentication.type discriminator:

oidc_federation

OIDC workload identity federation. Lazily constructs a WorkloadIdentity delegate from the nested auth fields plus the top-level organization_id and calls it to perform the jwt-bearer exchange.

user_oauth

Output of an interactive PKCE login. The credentials file contains the access_token (and optionally refresh_token). Currently refresh is not implemented in Ruby; the credentials file is treated as externally rotated.

Instance Method Summary

• #initialize(config, identity_token_provider: nil) ⇒ InMemoryConfig constructor

  Initializes a new InMemoryConfig provider.

Methods inherited from ConfigProvider

#bind_base_url, #call, #extra_headers, #resolved_base_url

Constructor Details

#initialize(config, identity_token_provider: nil) ⇒ InMemoryConfig

Initializes a new InMemoryConfig provider.

Parameters:

• config (Hash) —

  configuration hash with the same shape as configs/<profile>.json. Must include authentication (Hash, required).

• identity_token_provider (Proc, nil) (defaults to: nil) —

  optional callable that returns an OIDC identity token string.

Raises:

• (Anthropic::Errors::ConfigurationError) —

  if config is missing the authentication object, has an unknown authentication.type, or is missing required fields for the specified authentication type

# File 'lib/anthropic/credentials/in_memory_config.rb', line 34

def initialize(config, identity_token_provider: nil)
  super()

  auth = config["authentication"]
  unless auth.is_a?(Hash)
    raise Anthropic::Errors::ConfigurationError,
          "config hash is missing the 'authentication' object. " \
          "Expected shape: {\"authentication\": {\"type\": " \
          "\"#{AUTH_TYPE_OIDC_FEDERATION}\"|\"#{AUTH_TYPE_USER_OAUTH}\", ...}, ...}"
  end

  auth_type = auth["type"]
  unless [AUTH_TYPE_OIDC_FEDERATION, AUTH_TYPE_USER_OAUTH].include?(auth_type)
    raise Anthropic::Errors::ConfigurationError,
          "Unknown authentication.type #{auth_type.inspect}. " \
          "Expected #{AUTH_TYPE_OIDC_FEDERATION.inspect} or #{AUTH_TYPE_USER_OAUTH.inspect}."
  end

  credentials_path = auth["credentials_path"]
  if auth_type == AUTH_TYPE_USER_OAUTH && !credentials_path
    raise Anthropic::Errors::ConfigurationError,
          "authentication.type #{AUTH_TYPE_USER_OAUTH.inspect} requires " \
          "'authentication.credentials_path' (where the access/refresh tokens live). " \
          "For profile-based resolution, use CredentialsFile instead."
  end

  @raw_config = config
  @credentials_path = credentials_path ? Pathname.new(credentials_path).expand_path : nil
  @identity_token_provider_override = identity_token_provider
end