feat: add auth integration layer with CLI compatibility by caffeinum · Pull Request #3 · caffeinum/claude-code-sdk-ts

caffeinum · 2025-08-15T02:53:48Z

Summary

Adds a high-level authentication integration layer that seamlessly works with the Claude CLI by sharing credentials.

Key Features

🔐 Authentication Manager (`Auth` class)

Defaults to ~/.claude/credentials.json for CLI integration
Automatic token refresh
Protection against accidental credential overwrites
Flexible storage options (CLI-compatible or project-specific)

🚀 Helper Functions

setupAuth() - Interactive authentication setup
quickAuth() - One-line authentication
withAuth() - Fluent API integration (placeholder for now)

🔄 CLI Integration

Single Authentication: Authenticate once, use everywhere (SDK and CLI)
Shared Credentials: Both SDK and CLI use ~/.claude/credentials.json
Format Compatibility: Automatically handles CLI's credential format

Usage

// One-time setup (integrates with CLI)
await setupAuth();

// Or with options
await setupAuth({
  overwriteExisting: false,  // Protect existing credentials
  autoRefresh: true
});

// Future: Fluent API integration
const response = await claude()
  .withAuth()  // Will use CLI credentials
  .query('analyze this code')
  .asText();

Implementation Details

Credentials stored in CLI format (wrapped in "anthropic" key)
Explicit user notifications about CLI integration
Safe defaults (won't overwrite existing credentials)
Comprehensive error handling

Files Changed

src/auth/auth.ts - Authentication manager implementation
src/fluent.ts - Added withAuth() placeholder
examples/auth-integrated.ts - Integration examples
AUTH_INTEGRATION.md - Complete documentation

Built on top of #2

🤖 Generated with Claude Code

- Implement OAuth PKCE authentication flow based on opencode implementation - Add ClaudeAuth and AnthropicAuth classes for programmatic auth - Store credentials securely in ~/.claude/credentials.json with 600 permissions - Automatic token refresh when expired - Complete auth example with interactive flow - Export auth functions: startAuth, isAuthenticated, getAccessToken, logout - Add comprehensive test coverage for auth functionality - Update README with detailed authentication documentation Resolves instantlyeasy#10 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> Co-authored-by: yolocode-ai <yolocodeai@users.noreply.github.com>

…rage

- renamed AuthAnthropic.access() to refresh() for clarity - removed storage dependency from refresh method - moved token storage logic to auth-example.ts - refresh now only handles token refresh, not storage 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>

- new example that doesn't use filesystem storage - outputs credentials directly to stdout - demonstrates token refresh functionality - useful for temporary auth or CI/CD environments 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>

… local source

removed packages that are not actually used in the implementation: - crypto: using node's built-in crypto module - node-fetch: using native fetch api 🤖 generated with [claude code](https://claude.ai/code) co-authored-by: claude <noreply@anthropic.com>

- removed AuthFileStorage class for manual storage handling - kept zod validation schemas as exported helpers - updated auth-example.ts to use manual file operations - exported OAuthCredentials, validateCredentials, isValidCredentials 🤖 generated with [claude code](https://claude.ai/code) co-authored-by: claude <noreply@anthropic.com>

- created Auth class for high-level authentication management - added setupAuth() and quickAuth() helper functions - added withAuth() placeholder to QueryBuilder (full integration pending) - created comprehensive examples showing auth usage - added AUTH_INTEGRATION.md documentation the auth module provides: - automatic token refresh - flexible storage options (project-local or global) - interactive setup flow - programmatic auth management 🤖 generated with [claude code](https://claude.ai/code) co-authored-by: claude <noreply@anthropic.com>

- auth now defaults to ~/.claude/credentials.json for cli integration - added overwriteExisting option to prevent accidental credential overwrites - credentials are stored in claude cli format (wrapped in 'anthropic' key) - made integration explicit in documentation and console output - both sdk and cli now share the same authentication this means: authenticate once, use everywhere (sdk and cli) 🤖 generated with [claude code](https://claude.ai/code) co-authored-by: claude <noreply@anthropic.com>

… dotfile convention

…true

- removed standalone setupAuth() and quickAuth() functions - withAuth() now handles authentication automatically when queries are executed - authentication prompts only appear when needed (lazy authentication) - simplified auth examples to show new integrated approach - maintains backward compatibility with Auth class for advanced use cases 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>

- setupAuth() now returns { url, complete } for developer to handle UI - removed automatic readline flow from SDK core - withAuth() only validates credentials, doesn't prompt - developer controls how to open URL (window.open, console.log, etc) - developer controls how to get code (prompt, modal, readline, etc) - updated examples to show different UI patterns this gives full control to developers over the auth flow ui 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>

the claude cli uses ~/.claude/.credentials.json (with dot prefix)

- logs full oauth exchange response - logs full oauth refresh response - logs requested scopes (including user:profile) - helps debug what user data is available from oauth

caffeinum and others added 12 commits August 11, 2025 21:42

feat: implement Anthropic auth flow with OpenAuth.js

0d45a7b

refactor: move auth flow to auth directory and simplify implementation

5bcf570

refactor: extract auth storage interface and implement file-based sto…

0ef8eed

…rage

feat: store OAuth credentials in file storage after token exchange

a5cfbdf

refactor: update import paths to use published npm package instead of…

e85feba

… local source

caffeinum force-pushed the feat/auth-anthropic branch from d864cfc to 6b4daa7 Compare August 15, 2025 02:54

caffeinum changed the base branch from feat/auth-anthropic to main August 15, 2025 02:56

caffeinum added 2 commits August 14, 2025 19:56

Merge remote-tracking branch 'origin/main' into feat/with-auth

a394fd2

fix: update credentials file path to use .credentials.json for better…

a468d24

… dotfile convention

caffeinum force-pushed the feat/with-auth branch from b4b9e32 to a468d24 Compare August 15, 2025 02:58

caffeinum and others added 5 commits August 14, 2025 20:00

feat: enable auth setup with overwriteExisting=false and autoRefresh=…

5532d61

…true

fix: correct cli credentials path to .credentials.json

6d20e1b

the claude cli uses ~/.claude/.credentials.json (with dot prefix)

feat: add oauth response logging to see profile data

7a6e9d5

- logs full oauth exchange response - logs full oauth refresh response - logs requested scopes (including user:profile) - helps debug what user data is available from oauth

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add auth integration layer with CLI compatibility#3

feat: add auth integration layer with CLI compatibility#3
caffeinum wants to merge 19 commits into
mainfrom
feat/with-auth

caffeinum commented Aug 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

caffeinum commented Aug 15, 2025

Summary

Key Features

🔐 Authentication Manager (Auth class)

🚀 Helper Functions

🔄 CLI Integration

Usage

Implementation Details

Files Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

🔐 Authentication Manager (`Auth` class)