Class: Anthropic::Credentials::InMemoryConfig
- Inherits:
-
ConfigProvider
- Object
- ConfigProvider
- Anthropic::Credentials::InMemoryConfig
- Defined in:
- lib/anthropic/credentials/in_memory_config.rb,
sig/anthropic/credentials.rbs
Overview
An access token provider driven by an in-memory configuration hash.
Instead of reading from a config file, InMemoryConfig accepts a hash with
the same shape as configs/<profile>.json, allowing flexible configuration
without filesystem dependencies. This approach matches the behavior of
Go SDK's optionoption.WithConfig and TypeScript SDK's ClientOptions.config.
Dispatches on the authentication.type discriminator:
[+oidc_federation+]
OIDC workload identity federation. Lazily constructs a WorkloadIdentity
delegate from the nested auth fields plus the top-level organization_id
and calls it to perform the jwt-bearer exchange.
[+user_oauth+]
Output of an interactive PKCE login. The credentials file contains the
access_token (and optionally refresh_token). Currently refresh is not
implemented in Ruby; the credentials file is treated as externally rotated.
Instance Method Summary collapse
-
#build_workload_delegate(auth) ⇒ WorkloadIdentity
Builds a WorkloadIdentity delegate, honoring the optional
identity_token_provideroverride supplied at construction. - #config_path ⇒ nil
-
#initialize(config, identity_token_provider: nil) ⇒ InMemoryConfig
constructor
Initializes a new InMemoryConfig provider.
-
#load_config ⇒ Hash
Symbolizes the config hash on first call; cached thereafter.
Methods inherited from ConfigProvider
#auth_block, #bind_base_url, #call, #call_oidc_federation, #call_user_oauth, #coerce_expires_at, #extra_headers, #fill, #fill_missing_from_env, #read_credentials, #read_credentials_if_exists, #resolve_base_url, #resolve_identity_token_provider, #resolved_base_url, #write_credentials
Constructor Details
#initialize(config, identity_token_provider: nil) ⇒ InMemoryConfig
Initializes a new InMemoryConfig provider.
34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
# File 'lib/anthropic/credentials/in_memory_config.rb', line 34 def initialize(config, identity_token_provider: nil) super() auth = config["authentication"] unless auth.is_a?(Hash) raise Anthropic::Errors::ConfigurationError, "config hash is missing the 'authentication' object. " \ "Expected shape: {\"authentication\": {\"type\": " \ "\"#{AUTH_TYPE_OIDC_FEDERATION}\"|\"#{AUTH_TYPE_USER_OAUTH}\", ...}, ...}" end auth_type = auth["type"] unless [AUTH_TYPE_OIDC_FEDERATION, AUTH_TYPE_USER_OAUTH].include?(auth_type) raise Anthropic::Errors::ConfigurationError, "Unknown authentication.type #{auth_type.inspect}. " \ "Expected #{AUTH_TYPE_OIDC_FEDERATION.inspect} or #{AUTH_TYPE_USER_OAUTH.inspect}." end credentials_path = auth["credentials_path"] if auth_type == AUTH_TYPE_USER_OAUTH && !credentials_path raise Anthropic::Errors::ConfigurationError, "authentication.type #{AUTH_TYPE_USER_OAUTH.inspect} requires " \ "'authentication.credentials_path' (where the access/refresh tokens live). " \ "For profile-based resolution, use CredentialsFile instead." end @raw_config = config @credentials_path = credentials_path ? Pathname.new(credentials_path). : nil @identity_token_provider_override = identity_token_provider end |
Instance Method Details
#build_workload_delegate(auth) ⇒ WorkloadIdentity
Builds a WorkloadIdentity delegate, honoring the optional
identity_token_provider override supplied at construction.
88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
# File 'lib/anthropic/credentials/in_memory_config.rb', line 88 def build_workload_delegate(auth) return super if @identity_token_provider_override.nil? config = load_config federation_rule_id = auth[:federation_rule_id] organization_id = config[:organization_id] unless federation_rule_id && organization_id raise Anthropic::Errors::ConfigurationError, "config hash with authentication.type #{AUTH_TYPE_OIDC_FEDERATION.inspect} must include " \ "'authentication.federation_rule_id' and top-level 'organization_id'" end delegate = WorkloadIdentity.new( identity_token_provider: @identity_token_provider_override, federation_rule_id: federation_rule_id, organization_id: organization_id, service_account_id: auth[:service_account_id], workspace_id: config[:workspace_id], scope: auth[:scope] ) delegate.bind_base_url(@base_url || DEFAULT_BASE_URL) delegate end |
#config_path ⇒ nil
213 |
# File 'sig/anthropic/credentials.rbs', line 213
def config_path: -> nil
|
#load_config ⇒ Hash
Symbolizes the config hash on first call; cached thereafter.
75 76 77 78 79 |
# File 'lib/anthropic/credentials/in_memory_config.rb', line 75 def load_config # rubocop:disable Naming/MemoizedInstanceVariableName @config ||= JSON.parse(JSON.generate(@raw_config), symbolize_names: true) # rubocop:enable Naming/MemoizedInstanceVariableName end |