Thread API networking config through OIDC auto-discovery flow

[Copilot]

OIDC auto-discovery was ignoring the CLI's configured proxy, SSL verification, and custom headers, causing authentication failures in restricted network environments.

Changes

Extended credential context

• Added proxy, ssl_verify, user_agent, headers fields to CredentialContext
• Propagated from API config in _try_oidc_credential() → detectors → exchange

Refactored HTTP calls to use configured sessions

• exchange_oidc_token() now creates requests.Session with networking config
• EnvironmentDetector base class provides _create_session() helper
• GitHub Actions and Azure DevOps detectors use configured sessions for token fetching

Updated test mocking strategy

• Changed from mocking requests.get/post directly to mocking requests.Session
• Ensures tests exercise the session configuration code path

Impact

Users with CLOUDSMITH_API_PROXY, CLOUDSMITH_WITHOUT_API_SSL_VERIFY, or custom headers now have OIDC flows respect these settings.

Before:

# OIDC exchange ignored proxy config, failed in restricted networks
exchange_oidc_token(...) → requests.post(...) # used defaults

After:

# OIDC exchange uses CLI's networking config
session = create_exchange_session(proxy=ctx.proxy, ssl_verify=ctx.ssl_verify, ...)
session.post(...)  # respects proxy, SSL, headers

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• api.cloudsmith.io
  • Triggering command: /usr/bin/python python -m pytest cloudsmith_cli/core/tests/test_credentials.py -v --tb=short (dns block)
• oidc.example.com
  • Triggering command: /usr/bin/python python -m pytest cloudsmith_cli/core/tests/test_credentials.py -v --tb=short (dns block)
• token.example.com
  • Triggering command: /usr/bin/python python -m pytest cloudsmith_cli/core/tests/test_credentials.py -v --tb=short (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)