Update Claude usage auth flow to latest headers#109
Merged
Conversation
Contributor
|
Claude API 호출 시 최신 Claude Code 호환 헤더(User-Agent, 쿠키 비활성화 등)를 적용하고, 쉘 스크립트에서 키체인과 여러 JSON 경로를 순회하며 인증 정보를 찾도록 싹 업데이트했네.
이건 짧은 요약 프리뷰임. 상세한 라인별 코드 리뷰(버그 탐지, 보안 체크 포함)를 원하면 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This updates the Claude usage lookup path to follow the latest Claude Code-compatible OAuth request shape instead of relying on the older minimal header set.
Users were already authenticating successfully, but the app and the helper script were not aligned with the newer request conventions used by the reference implementation. That made the Claude integration harder to maintain and left the script and docs behind the real provider behavior.
The root cause was that the Swift provider, the shell helper, and the docs had drifted apart. The provider only set the bearer token and beta header, while the newer flow explicitly uses a Claude Code user agent, JSON accept/content headers, and no cookie dependency. The helper script also only read a single auth file even though Claude credentials can now come from multiple current sources.
This PR fixes that in two parts. First, the Claude provider now routes usage and identity requests through a shared OAuth request policy that sets
Authorization,Accept,Content-Type,User-Agent: claude-code/<version>,anthropic-beta: oauth-2025-04-20, disables cookies, and supports the same environment overrides used by the reference implementation. It also adds focused tests for that request policy. Second, the bundledquery-claude.shscript and the Claude API reference were refreshed to reflect the current auth source order:opencode-anthropic-auth/accounts.json, OpenCode auth, Claude Code auth, and macOS Keychain.Validation used the existing local checks and runtime verification.
make lint-swiftpassed,xcodebuild -project CopilotMonitor/CopilotMonitor.xcodeproj -scheme CopilotMonitor -configuration Debug -destination 'platform=macOS' -only-testing:CopilotMonitorTests testpassed with 71 tests and 7 expected skips, the script was checked withbash -n scripts/query-claude.sh, and the app was rebuilt and relaunched after clearing DerivedData. Runtime logs then confirmed fresh Claude usage fetches from the rebuilt app around 2026-03-25 19:00 KST.