Class: Braintrust::Server::Auth::ClerkToken

Inherits:

Object

• Object
• Braintrust::Server::Auth::ClerkToken

Defined in:

lib/braintrust/server/auth/clerk_token.rb

Overview

Validates Clerk JWT session tokens via the Braintrust app endpoint. The browser forwards the Clerk session token which is validated by POST /api/apikey/login on the app server.

Constant Summary

DEFAULT_APP_URL =

"https://www.braintrust.dev"

RACK_AUTH_HEADER =

"HTTP_AUTHORIZATION"

RACK_ORG_NAME_HEADER =

"HTTP_X_BT_ORG_NAME"

BEARER_PATTERN =

/\ABearer (.+)\z/

LOGIN_PATH =

"/api/apikey/login"

Instance Method Summary

• #authenticate(env) ⇒ Object
• #initialize(app_url: nil) ⇒ ClerkToken constructor

  A new instance of ClerkToken.

Constructor Details

#initialize(app_url: nil) ⇒ ClerkToken

Returns a new instance of ClerkToken.

# File 'lib/braintrust/server/auth/clerk_token.rb', line 19

def initialize(app_url: nil)
  @app_url = app_url || DEFAULT_APP_URL
end

Instance Method Details

#authenticate(env) ⇒ Object

# File 'lib/braintrust/server/auth/clerk_token.rb', line 23

def authenticate(env)
  token = extract_bearer_token(env)
  return nil unless token

  login_response = validate_token(token)
  return nil unless login_response

  org_name = env[RACK_ORG_NAME_HEADER]

  {
    "api_key" => token,
    "org_id" => login_response["org_id"],
    "org_name" => org_name || login_response["org_name"],
    "app_url" => @app_url,
    "api_url" => login_response["api_url"] || @app_url
  }
end