The provider boundary. A provider is a value: a descriptor that says how it
authenticates, not a scatter of hardcoded branches and prose gotchas. The engine
only needs two things from a provider — how to obtain its auth (so it can pass an
api-key to the SDK when required) and how to reach it (the offline scripted fake
vs the real SDK). Everything the engine knows about a provider lives in
providers below, as data.
The provider boundary. A provider is a *value*: a descriptor that says how it authenticates, not a scatter of hardcoded branches and prose gotchas. The engine only needs two things from a provider — how to obtain its auth (so it can pass an api-key to the SDK when required) and how to reach it (the offline scripted fake vs the real SDK). Everything the engine knows about a provider lives in `providers` below, as data.
(api-key-config provider-id)The {:api-key ...} the SDK needs, for :api-key providers only. Other auth sources (:oauth-file, :adc, :none, :sdk-default) supply nothing here — the SDK handles them.
The {:api-key ...} the SDK needs, for :api-key providers only. Other auth
sources (:oauth-file, :adc, :none, :sdk-default) supply nothing here — the SDK
handles them.(auth-status provider-id)Introspect whether a provider's auth is satisfied — provider-as-value pays off: you can ask a provider what it needs and whether it's available, as data.
Introspect whether a provider's auth is satisfied — provider-as-value pays off: you can ask a provider what it needs and whether it's available, as data.
(descriptor provider-id)The descriptor for a provider id. Unknown providers default to :sdk-default — the SDK is left to authenticate however it sees fit.
The descriptor for a provider id. Unknown providers default to :sdk-default — the SDK is left to authenticate however it sees fit.
Provider descriptors. :auth is the source of credentials:
:api-key read the named env var (or .env) and hand it to the SDK
:oauth-file the SDK reads a credentials file itself; the engine supplies nothing
:adc Application Default Credentials; the SDK gets the token, but the
listed env vars must be exported into the JVM (the .env loader does
NOT push them to System/getenv)
:none the offline scripted fake; no network, no credentials
This table is the single source of truth — it replaces the old hardcoded env map
and the Codex/Vertex auth notes that used to live only in prose docs.
Provider descriptors. `:auth` is the source of credentials:
:api-key read the named env var (or .env) and hand it to the SDK
:oauth-file the SDK reads a credentials file itself; the engine supplies nothing
:adc Application Default Credentials; the SDK gets the token, but the
listed env vars must be exported into the JVM (the .env loader does
NOT push them to System/getenv)
:none the offline scripted fake; no network, no credentials
This table is the single source of truth — it replaces the old hardcoded env map
and the Codex/Vertex auth notes that used to live only in prose docs.cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |