claude

package
v6.10.9-aug.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 14, 2026 License: MIT Imports: 17 Imported by: 0

Documentation

Overview

Package claude provides OAuth2 authentication functionality for Anthropic's Claude API. This package implements the complete OAuth2 flow with PKCE (Proof Key for Code Exchange) for secure authentication with Claude API, including token exchange, refresh, and storage.

Package claude provides authentication and token management functionality for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, and retrieval for maintaining authenticated sessions with the Claude API.

Package claude provides authentication functionality for Anthropic's Claude API. This file implements a custom HTTP transport using utls to bypass TLS fingerprinting.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Auth

type Auth struct {
	// contains filtered or unexported fields
}

Auth handles Anthropic OAuth2 authentication flow. It provides methods for generating authorization URLs, exchanging codes for tokens, and refreshing expired tokens using PKCE for enhanced security.

func NewAuth

func NewAuth(cfg *config.Config) *Auth

NewAuth creates a new Anthropic authentication service. It initializes the HTTP client with a custom TLS transport that uses Firefox fingerprint to bypass Cloudflare's TLS fingerprinting on Anthropic domains.

Parameters:

  • cfg: The application configuration containing proxy settings

Returns:

  • *Auth: A new Claude authentication service instance

func (*Auth) CreateTokenStorage

func (o *Auth) CreateTokenStorage(bundle *AuthBundle) *TokenStorage

CreateTokenStorage creates a new TokenStorage from auth bundle and user info. This method converts the authentication bundle into a token storage structure suitable for persistence and later use.

Parameters:

  • bundle: The authentication bundle containing token data

Returns:

  • *TokenStorage: A new token storage instance

func (*Auth) ExchangeCodeForTokens

func (o *Auth) ExchangeCodeForTokens(
	ctx context.Context,
	code, state string,
	pkceCodes *misc.PKCECodes,
) (*AuthBundle, error)

ExchangeCodeForTokens exchanges authorization code for access tokens. This method implements the OAuth2 token exchange flow using PKCE for security. It sends the authorization code along with PKCE verifier to get access and refresh tokens.

Parameters:

  • ctx: The context for the request
  • code: The authorization code received from OAuth callback
  • state: The state parameter for verification
  • pkceCodes: The PKCE codes for secure verification

Returns:

  • *AuthBundle: The complete authentication bundle with tokens
  • error: An error if token exchange fails

func (*Auth) GenerateAuthURL

func (o *Auth) GenerateAuthURL(state string, pkceCodes *misc.PKCECodes) (string, string, error)

GenerateAuthURL creates the OAuth authorization URL with PKCE. This method generates a secure authorization URL including PKCE challenge codes for the OAuth2 flow with Anthropic's API.

Parameters:

  • state: A random state parameter for CSRF protection
  • pkceCodes: The PKCE codes for secure code exchange

Returns:

  • string: The complete authorization URL
  • string: The state parameter for verification
  • error: An error if PKCE codes are missing or URL generation fails

func (*Auth) RefreshTokens

func (o *Auth) RefreshTokens(ctx context.Context, refreshToken string) (*TokenData, error)

RefreshTokens refreshes the access token using the refresh token. This method exchanges a valid refresh token for a new access token, extending the user's authenticated session.

Parameters:

  • ctx: The context for the request
  • refreshToken: The refresh token to use for getting new access token

Returns:

  • *TokenData: The new token data with updated access token
  • error: An error if token refresh fails

func (*Auth) RefreshTokensWithRetry

func (o *Auth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (
	*TokenData,
	error,
)

RefreshTokensWithRetry refreshes tokens with automatic retry logic.

func (*Auth) UpdateTokenStorage

func (o *Auth) UpdateTokenStorage(storage *TokenStorage, TokenData *TokenData)

UpdateTokenStorage updates an existing token storage with new token data. This method refreshes the token storage with newly obtained access and refresh tokens, updating timestamps and expiration information.

Parameters:

  • storage: The existing token storage to update
  • TokenData: The new token data to apply

type AuthBundle

type AuthBundle struct {
	// APIKey is the Anthropic API key obtained from token exchange
	APIKey string `json:"api_key"`
	// TokenData contains the OAuth tokens from the authentication flow
	TokenData TokenData `json:"token_data"`
	// LastRefresh is the timestamp of the last token refresh
	LastRefresh string `json:"last_refresh"`
}

AuthBundle aggregates authentication data after OAuth flow completion.

type TokenData

type TokenData struct {
	// AccessToken is the OAuth2 access token for API access
	AccessToken string `json:"access_token"`
	// RefreshToken is used to obtain new access tokens
	RefreshToken string `json:"refresh_token"`
	// Email is the Anthropic account email
	Email string `json:"email"`
	// Expire is the timestamp of the token expire
	Expire string `json:"expired"`
}

TokenData holds OAuth token information from Anthropic.

type TokenStorage

type TokenStorage struct {
	// IDToken is the JWT ID token containing user claims and identity information.
	IDToken string `json:"id_token"`

	// AccessToken is the OAuth2 access token used for authenticating API requests.
	AccessToken string `json:"access_token"`

	// RefreshToken is used to obtain new access tokens when the current one expires.
	RefreshToken string `json:"refresh_token"`

	// LastRefresh is the timestamp of the last token refresh operation.
	LastRefresh string `json:"last_refresh"`

	// Email is the Anthropic account email address associated with this token.
	Email string `json:"email"`

	// Type indicates the authentication provider type, always "claude" for this storage.
	Type string `json:"type"`

	// Expire is the timestamp when the current access token expires.
	Expire string `json:"expired"`

	// Metadata holds arbitrary key-value pairs injected via hooks.
	// It is not exported to JSON directly to allow flattening during serialization.
	Metadata map[string]any `json:"-"`
}

TokenStorage stores OAuth2 token information for Anthropic Claude API authentication. It maintains compatibility with the existing auth system while adding Claude-specific fields for managing access tokens, refresh tokens, and user account information.

func (*TokenStorage) SaveTokenToFile

func (ts *TokenStorage) SaveTokenToFile(authFilePath string) error

SaveTokenToFile serializes the Claude token storage to a JSON file. This method creates the necessary directory structure and writes the token data in JSON format to the specified file path for persistent storage. It merges any injected metadata into the top-level JSON object.

Parameters:

  • authFilePath: The full path where the token file should be saved

Returns:

  • error: An error if the operation fails, nil otherwise

func (*TokenStorage) SetMetadata

func (ts *TokenStorage) SetMetadata(meta map[string]any)

SetMetadata allows external callers to inject metadata into the storage before saving.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL