MCPcopy
hub / github.com/codeaashu/claude-code / isAnthropicAuthEnabled

Function isAnthropicAuthEnabled

src/utils/auth.ts:100–149  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

98/** Whether we are supporting direct 1P auth. */
99// this code is closely related to getAuthTokenSource
100export function isAnthropicAuthEnabled(): boolean {
101 // --bare: API-key-only, never OAuth.
102 if (isBareMode()) return false
103
104 // `claude ssh` remote: ANTHROPIC_UNIX_SOCKET tunnels API calls through a
105 // local auth-injecting proxy. The launcher sets CLAUDE_CODE_OAUTH_TOKEN as a
106 // placeholder iff the local side is a subscriber (so the remote includes the
107 // oauth-2025 beta header to match what the proxy will inject). The remote's
108 // ~/.claude settings (apiKeyHelper, settings.env.ANTHROPIC_API_KEY) MUST NOT
109 // flip this — they'd cause a header mismatch with the proxy and a bogus
110 // "invalid x-api-key" from the API. See src/ssh/sshAuthProxy.ts.
111 if (process.env.ANTHROPIC_UNIX_SOCKET) {
112 return !!process.env.CLAUDE_CODE_OAUTH_TOKEN
113 }
114
115 const is3P =
116 isEnvTruthy(process.env.CLAUDE_CODE_USE_BEDROCK) ||
117 isEnvTruthy(process.env.CLAUDE_CODE_USE_VERTEX) ||
118 isEnvTruthy(process.env.CLAUDE_CODE_USE_FOUNDRY)
119
120 // Check if user has configured an external API key source
121 // This allows externally-provided API keys to work (without requiring proxy configuration)
122 const settings = getSettings_DEPRECATED() || {}
123 const apiKeyHelper = settings.apiKeyHelper
124 const hasExternalAuthToken =
125 process.env.ANTHROPIC_AUTH_TOKEN ||
126 apiKeyHelper ||
127 process.env.CLAUDE_CODE_API_KEY_FILE_DESCRIPTOR
128
129 // Check if API key is from an external source (not managed by /login)
130 const { source: apiKeySource } = getAnthropicApiKeyWithSource({
131 skipRetrievingKeyFromApiKeyHelper: true,
132 })
133 const hasExternalApiKey =
134 apiKeySource === 'ANTHROPIC_API_KEY' || apiKeySource === 'apiKeyHelper'
135
136 // Disable Anthropic auth if:
137 // 1. Using 3rd party services (Bedrock/Vertex/Foundry)
138 // 2. User has an external API key (regardless of proxy configuration)
139 // 3. User has an external auth token (regardless of proxy configuration)
140 // this may cause issues if users have complex proxy / gateway "client-side creds" auth scenarios,
141 // e.g. if they want to set X-Api-Key to a gateway key but use Anthropic OAuth for the Authorization
142 // if we get reports of that, we should probably add an env var to force OAuth enablement
143 const shouldDisableAuth =
144 is3P ||
145 (hasExternalAuthToken && !isManagedOAuthContext()) ||
146 (hasExternalApiKey && !isManagedOAuthContext())
147
148 return !shouldDisableAuth
149}
150
151/** Where the auth token is being sourced from, if any. */
152// this code is closely related to isAnthropicAuthEnabled

Callers 13

callFunction · 0.85
OnboardingFunction · 0.85
isClaudeAISubscriberFunction · 0.85
getOauthAccountInfoFunction · 0.85
getSubscriptionTypeFunction · 0.85
getRateLimitTierFunction · 0.85
validateForceLoginOrgFunction · 0.85
InstallGitHubAppFunction · 0.85
callFunction · 0.85
setupTokenHandlerFunction · 0.85
isVoiceStreamAvailableFunction · 0.85
hasVoiceAuthFunction · 0.85

Calls 4

isBareModeFunction · 0.85
isEnvTruthyFunction · 0.85
isManagedOAuthContextFunction · 0.85

Tested by

no test coverage detected