Module: Ask::Auth

Defined in:
lib/ask/auth.rb,
lib/ask/auth/version.rb,
lib/ask/auth/providers/env.rb,
lib/ask/auth/providers/file.rb,
lib/ask/auth/providers/oauth.rb,
lib/ask/auth/providers/database.rb,
lib/ask/auth/providers/rails_credentials.rb

Overview

Credential resolution for the ask-rb ecosystem.

Resolves credentials by walking a configured chain of providers (Env → File → RailsCredentials → Database → OAuth) and returning the first match.

Ask::Auth.resolve(:github_token)
Ask::Auth.resolve(:openai_api_key, user: current_user)

Defined Under Namespace

Modules: Providers Classes: Configuration, InvalidCredential, MissingCredential

Constant Summary collapse

VERSION =
"0.2.3"

Class Method Summary collapse

Class Method Details

.configurationObject



45
46
47
# File 'lib/ask/auth.rb', line 45

def configuration
  @configuration ||= default_configuration
end

.configure {|config| ... } ⇒ Object

Yields:

  • (config)


38
39
40
41
42
43
# File 'lib/ask/auth.rb', line 38

def configure
  config = Configuration.new
  yield config
  @configuration = config
  @configuration.freeze
end

.reset_configuration!Object



49
50
51
# File 'lib/ask/auth.rb', line 49

def reset_configuration!
  @configuration = nil
end

.resolve(*names, user: nil) ⇒ Object

Walk providers in order and return the first non-nil credential. Tries each name in order and returns the first match.

Each name can be:

Symbol/String  → flat key, tried literally by all providers
Array          → path segments, used for nested lookups (e.g., Rails credentials)

Ask::Auth.resolve(:openai_api_key)                    # flat key
Ask::Auth.resolve(:opencode_api_key, :opencode_go_api_key)  # fallbacks
Ask::Auth.resolve([:opencode, :api_key])              # nested path: credentials.opencode.api_key
Ask::Auth.resolve(:opencode_go_api_key, [:opencode, :api_key], user: current_user)
names

One or more Symbols, Strings, or Arrays identifying the credential

user

Optional user record for per-user providers (Database, OAuth)

Raises:



67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# File 'lib/ask/auth.rb', line 67

def resolve(*names, user: nil)
  return nil if names.empty?

  names.each do |name|
    # Validate the name
    parts = Array(name).map { |p| p.to_s.strip }
    next if parts.empty? || parts.any?(&:empty?)

    configuration.providers.each do |provider|
      # Pass the original form (Symbol/Array) so providers can interpret it
      value = provider.call(name, user: user)
      next if value.nil?

      normalized = normalize(value)
      return normalized unless normalized.nil?
    end
  end

  raise MissingCredential, names
end