Documentation
¶
Overview ¶
Package claude provides OAuth2 authentication functionality for Anthropic's Claude API. This package implements the complete OAuth2 flow with PKCE (Proof Key for Code Exchange) for secure authentication with Claude API, including token exchange, refresh, and storage.
Package claude provides authentication and token management functionality for Anthropic's Claude AI services. It handles OAuth2 token storage, serialization, and retrieval for maintaining authenticated sessions with the Claude API.
Package claude provides authentication functionality for Anthropic's Claude API. This file implements a custom HTTP transport using utls to bypass TLS fingerprinting.
Index ¶
- type Auth
- func (o *Auth) CreateTokenStorage(bundle *AuthBundle) *TokenStorage
- func (o *Auth) ExchangeCodeForTokens(ctx context.Context, code, state string, pkceCodes *misc.PKCECodes) (*AuthBundle, error)
- func (o *Auth) GenerateAuthURL(state string, pkceCodes *misc.PKCECodes) (string, string, error)
- func (o *Auth) RefreshTokens(ctx context.Context, refreshToken string) (*TokenData, error)
- func (o *Auth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) (*TokenData, error)
- func (o *Auth) UpdateTokenStorage(storage *TokenStorage, TokenData *TokenData)
- type AuthBundle
- type TokenData
- type TokenStorage
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Auth ¶
type Auth struct {
// contains filtered or unexported fields
}
Auth handles Anthropic OAuth2 authentication flow. It provides methods for generating authorization URLs, exchanging codes for tokens, and refreshing expired tokens using PKCE for enhanced security.
func NewAuth ¶
NewAuth creates a new Anthropic authentication service. It initializes the HTTP client with a custom TLS transport that uses Firefox fingerprint to bypass Cloudflare's TLS fingerprinting on Anthropic domains.
Parameters:
- cfg: The application configuration containing proxy settings
Returns:
- *Auth: A new Claude authentication service instance
func (*Auth) CreateTokenStorage ¶
func (o *Auth) CreateTokenStorage(bundle *AuthBundle) *TokenStorage
CreateTokenStorage creates a new TokenStorage from auth bundle and user info. This method converts the authentication bundle into a token storage structure suitable for persistence and later use.
Parameters:
- bundle: The authentication bundle containing token data
Returns:
- *TokenStorage: A new token storage instance
func (*Auth) ExchangeCodeForTokens ¶
func (o *Auth) ExchangeCodeForTokens( ctx context.Context, code, state string, pkceCodes *misc.PKCECodes, ) (*AuthBundle, error)
ExchangeCodeForTokens exchanges authorization code for access tokens. This method implements the OAuth2 token exchange flow using PKCE for security. It sends the authorization code along with PKCE verifier to get access and refresh tokens.
Parameters:
- ctx: The context for the request
- code: The authorization code received from OAuth callback
- state: The state parameter for verification
- pkceCodes: The PKCE codes for secure verification
Returns:
- *AuthBundle: The complete authentication bundle with tokens
- error: An error if token exchange fails
func (*Auth) GenerateAuthURL ¶
GenerateAuthURL creates the OAuth authorization URL with PKCE. This method generates a secure authorization URL including PKCE challenge codes for the OAuth2 flow with Anthropic's API.
Parameters:
- state: A random state parameter for CSRF protection
- pkceCodes: The PKCE codes for secure code exchange
Returns:
- string: The complete authorization URL
- string: The state parameter for verification
- error: An error if PKCE codes are missing or URL generation fails
func (*Auth) RefreshTokens ¶
RefreshTokens refreshes the access token using the refresh token. This method exchanges a valid refresh token for a new access token, extending the user's authenticated session.
Parameters:
- ctx: The context for the request
- refreshToken: The refresh token to use for getting new access token
Returns:
- *TokenData: The new token data with updated access token
- error: An error if token refresh fails
func (*Auth) RefreshTokensWithRetry ¶
func (o *Auth) RefreshTokensWithRetry(ctx context.Context, refreshToken string, maxRetries int) ( *TokenData, error, )
RefreshTokensWithRetry refreshes tokens with automatic retry logic.
func (*Auth) UpdateTokenStorage ¶
func (o *Auth) UpdateTokenStorage(storage *TokenStorage, TokenData *TokenData)
UpdateTokenStorage updates an existing token storage with new token data. This method refreshes the token storage with newly obtained access and refresh tokens, updating timestamps and expiration information.
Parameters:
- storage: The existing token storage to update
- TokenData: The new token data to apply
type AuthBundle ¶
type AuthBundle struct {
// APIKey is the Anthropic API key obtained from token exchange
APIKey string `json:"api_key"`
// TokenData contains the OAuth tokens from the authentication flow
TokenData TokenData `json:"token_data"`
// LastRefresh is the timestamp of the last token refresh
LastRefresh string `json:"last_refresh"`
}
AuthBundle aggregates authentication data after OAuth flow completion.
type TokenData ¶
type TokenData struct {
// AccessToken is the OAuth2 access token for API access
AccessToken string `json:"access_token"`
// RefreshToken is used to obtain new access tokens
RefreshToken string `json:"refresh_token"`
// Email is the Anthropic account email
Email string `json:"email"`
// Expire is the timestamp of the token expire
Expire string `json:"expired"`
}
TokenData holds OAuth token information from Anthropic.
type TokenStorage ¶
type TokenStorage struct {
// IDToken is the JWT ID token containing user claims and identity information.
IDToken string `json:"id_token"`
// AccessToken is the OAuth2 access token used for authenticating API requests.
AccessToken string `json:"access_token"`
// RefreshToken is used to obtain new access tokens when the current one expires.
RefreshToken string `json:"refresh_token"`
// LastRefresh is the timestamp of the last token refresh operation.
LastRefresh string `json:"last_refresh"`
// Email is the Anthropic account email address associated with this token.
Email string `json:"email"`
// Type indicates the authentication provider type, always "claude" for this storage.
Type string `json:"type"`
// Expire is the timestamp when the current access token expires.
Expire string `json:"expired"`
// Metadata holds arbitrary key-value pairs injected via hooks.
// It is not exported to JSON directly to allow flattening during serialization.
Metadata map[string]any `json:"-"`
}
TokenStorage stores OAuth2 token information for Anthropic Claude API authentication. It maintains compatibility with the existing auth system while adding Claude-specific fields for managing access tokens, refresh tokens, and user account information.
func (*TokenStorage) SaveTokenToFile ¶
func (ts *TokenStorage) SaveTokenToFile(authFilePath string) error
SaveTokenToFile serializes the Claude token storage to a JSON file. This method creates the necessary directory structure and writes the token data in JSON format to the specified file path for persistent storage. It merges any injected metadata into the top-level JSON object.
Parameters:
- authFilePath: The full path where the token file should be saved
Returns:
- error: An error if the operation fails, nil otherwise
func (*TokenStorage) SetMetadata ¶
func (ts *TokenStorage) SetMetadata(meta map[string]any)
SetMetadata allows external callers to inject metadata into the storage before saving.