OCI authentication-provider constructors.

Each public fn returns an `AbstractAuthenticationDetailsProvider`, the
marker interface that every OCI client's `Builder.build(...)` accepts.
Pass the result to `clj-oci.clients/build-*-client` for a one-shot
client, or to the 2-arity `clj-oci.clients/*-client-for-region` /
`:auth-details`-keyed `clj-oci.clients/*-client-for` for the per-region
cache.

No auto-detection. No implicit env-var consultation. No silent fallback.
The caller picks the provider by name. The existing `~/.oci/config`
path is what `clj-oci.clients/authentication-details` provides
(singleton); everything in this namespace is the explicit alternative
for OCI-native runtimes (Instance Principal, Resource Principal, OKE
workload identity, session token) and for tests.

Why the unusual return type: `InstancePrincipalsAuthenticationDetailsProvider`
and `ResourcePrincipalAuthenticationDetailsProvider` do NOT implement
`AuthenticationDetailsProvider` (only `AbstractAuthenticationDetailsProvider`,
the marker interface). So we declare the marker, which is also what
every client builder's `.build` actually accepts.

Javadocs: https://docs.oracle.com/en-us/iaas/tools/java/3.86.0/

(config-file)
(config-file {:keys [path profile]})

`ConfigFileAuthenticationDetailsProvider`: reads `~/.oci/config`.

Zero-arg: parses the default config file with the DEFAULT profile. With opts map:
  :path     config file path (default: ~/.oci/config)
  :profile  profile name (default: DEFAULT)

(instance-principal)

`InstancePrincipalsAuthenticationDetailsProvider`: for code running on an OCI Compute instance with instance principal authentication enabled. Authenticates via the instance metadata service (IMDS).

Takes no opts. The SDK builder for IPV does NOT expose a region setter;
region is always derived from IMDS at call time. Cross-region operations
from an IPV-authenticated process go through the per-region client
dispatchers (`*-client-for-region`), which set region on the *client*
builder.

(oke-workload-identity)

`WorkloadIdentityFederationAuthenticationDetailProvider`: for pods on OKE using workload identity (the namespace-bound federation flow). Requires the OKE workload identity service to be configured for the pod.

Note the SDK class name omits the 's' (`DetailProvider`, not `DetailsProvider`); this is a known SDK naming quirk, not a typo.

(resource-principal)

`ResourcePrincipalAuthenticationDetailsProvider`: for code running in OCI Functions / Container Instances / Data Science. Reads the `OCI_RESOURCE_PRINCIPAL_*` environment variables that the OCI runtime injects. Auto-selects v1.1 / v2 / v2.1 / v2.2 based on `OCI_RESOURCE_PRINCIPAL_VERSION`.

The caller chooses to use this; we do not auto-detect from the env.

(resource-principal-v3)

`ResourcePrincipalsV3AuthenticationDetailsProvider`: pins the v3 token
shape explicitly. Use when v3 semantics are required; most callers
want `resource-principal` instead.

(session-token)
(session-token {:keys [path profile]})

`SessionTokenAuthenticationDetailsProvider`: for delegated user sessions
(the output of `oci session authenticate`). Reads the session token from
the config file.

The SDK builder for this provider does NOT expose configuration-file-path
or profile-name setters, only file-path and session-token setters at the
constituent level. To load from `~/.oci/config`, we use the constructor.

Zero-arg: reads the default config file with the DEFAULT profile. With opts map:
  :path     config file path
  :profile  profile name

(simple {:keys [tenancy-id user-id fingerprint region private-key-supplier pass-phrase]})

`SimpleAuthenticationDetailsProvider`: manual credential supply. Useful for tests and for callers that hold credentials in a non-standard form.

Required keys:
  :tenancy-id            tenancy OCID (passed to .tenantId)
  :user-id               user OCID
  :fingerprint           key fingerprint
  :region                com.oracle.bmc.Region
  :private-key-supplier  java.util.function.Supplier<InputStream> returning a PEM-encoded private key
Optional:
  :pass-phrase           PEM passphrase string

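An added example (not part of the library) of preparing the opts map that `simple` documents: it builds the `Supplier<InputStream>` the `:private-key-supplier` key requires and fails closed when a required key is absent. The names `pem-supplier`, `simple-opts`, `required-keys`, the `auth` alias and `pem-from-secret-store` are assumptions made for this example.

```clojure
;; Added example, not library code.
(ns example.simple-opts
  (:import (java.io ByteArrayInputStream)
           (java.nio.charset StandardCharsets)
           (java.util.function Supplier)))

(defn pem-supplier
  "Wraps an in-memory PEM string as a Supplier<InputStream>. Every .get
  returns a fresh stream, so a repeated read never sees a consumed one."
  ^Supplier [^String pem]
  (let [pem-bytes (.getBytes pem StandardCharsets/UTF_8)]
    (reify Supplier
      (get [_] (ByteArrayInputStream. pem-bytes)))))

;; The keys the page lists as required for `simple`.
(def required-keys
  [:tenancy-id :user-id :fingerprint :region :private-key-supplier])

(defn simple-opts
  "Returns opts unchanged when it is complete; throws otherwise, so a nil
  credential field never reaches the SDK builder."
  [opts]
  (let [missing (filterv #(nil? (get opts %)) required-keys)]
    (when (seq missing)
      ;; ex-data carries key names only, never credential values.
      (throw (ex-info "simple: missing required keys" {:missing missing})))
    (when-not (instance? Supplier (:private-key-supplier opts))
      ;; A Clojure fn is not itself a Supplier; use reify as above.
      (throw (ex-info "simple: :private-key-supplier must be a Supplier"
                      {:got (class (:private-key-supplier opts))})))
    opts))

(comment
  ;; `auth` is an assumed alias for the namespace documented on this page.
  ;; The OCIDs, the fingerprint and `pem-from-secret-store` (a PEM string
  ;; obtained elsewhere) are constructed placeholders.
  (auth/simple
   (simple-opts {:tenancy-id "ocid1.tenancy.oc1..exampletenancy"
                 :user-id "ocid1.user.oc1..exampleuser"
                 :fingerprint "<key-fingerprint>"
                 :region com.oracle.bmc.Region/US_ASHBURN_1
                 :private-key-supplier (pem-supplier pem-from-secret-store)})))
```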