Skip to content

Add Anthropic OAuth support for Claude Pro/Max subscriptions #1984

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
loss-and-quick wants to merge 32 commits into from
Closed

Add Anthropic OAuth support for Claude Pro/Max subscriptions #1984

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
d5fcc4e
add Anthropic OAuth backend support for Claude Pro/Max
loss-and-quick Mar 1, 2026
a312479
add Anthropic OAuth UI support for Claude Pro/Max
loss-and-quick Mar 1, 2026
ca52af4
fix Anthropic OAuth inference: add required anthropic-beta oauth header
loss-and-quick Mar 1, 2026
7574100
fix UI OAuth badge: add DB migration for anthropic_oauth_config_id co…
loss-and-quick Mar 1, 2026
e064343
fix: preserve AnthropicOAuthKeyConfig when writing keys to DB
loss-and-quick Mar 1, 2026
46cb6bd
Merge branch 'main' into anthropic-oauth
loss-and-quick Mar 7, 2026
2085704
fix: inject OAuth beta header in auth helpers
loss-and-quick Mar 7, 2026
4f7a48a
fix: include AnthropicOAuthKeyConfig in key hash
loss-and-quick Mar 7, 2026
238f158
fix: scope PostgreSQL migration query to current schema
loss-and-quick Mar 7, 2026
0b3f83a
fix: separate OAuth state from PKCE code_verifier
loss-and-quick Mar 7, 2026
68e1235
fix: reset AnthropicOAuthKeyConfig to nil in AfterFind
loss-and-quick Mar 7, 2026
9ab7781
fix: preserve anthropic-beta header from SetExtraHeaders in streaming
loss-and-quick Mar 7, 2026
adefcee
fix: avoid popup blocking and add data-testid to OAuth UI
loss-and-quick Mar 7, 2026
f43bc57
fix: prevent orphaned OAuth sessions on tab switch and cancel
loss-and-quick Mar 7, 2026
6d01f18
fix: preserve Anthropic OAuth config during key reconciliation
loss-and-quick Mar 7, 2026
876ee9c
fix: enforce mandatory state validation, cleanup orphaned OAuth flows…
loss-and-quick Mar 7, 2026
5ca55e0
Merge branch 'main' into anthropic-oauth
loss-and-quick Mar 12, 2026
df16aa2
Merge remote-tracking branch 'origin/main' into anthropic-oauth
loss-and-quick Mar 13, 2026
632bd58
refactor: move OAuth helper functions to utils.go
loss-and-quick Mar 13, 2026
08a318d
fix: return empty response from ListModels for OAuth-only keys
loss-and-quick Mar 13, 2026
c7884e4
fix: document intentional nil-preservation for AnthropicOAuthKeyConfig
loss-and-quick Mar 13, 2026
69daa35
fix: restore HTML escaping in shared JSON helpers, add SendJSONRaw
loss-and-quick Mar 13, 2026
0f980af
fix: fall back to static model catalog in /v1/models for OAuth-only s…
loss-and-quick Mar 13, 2026
7dc8bb3
fix: defensive copy of AnthropicOAuthKeyConfig in Redacted()
loss-and-quick Mar 13, 2026
a4f95fa
Merge remote-tracking branch 'origin/main' into anthropic-oauth
loss-and-quick Mar 28, 2026
0cbace1
fix(anthropic): move empty-key guard before header deletion in auth h…
loss-and-quick Mar 29, 2026
0dd55c1
fix(anthropic): clear conflicting auth headers in completeRequest
loss-and-quick Mar 29, 2026
c30224d
fix(oauth): return appropriate HTTP status codes from OAuth handlers
loss-and-quick Mar 29, 2026
8ade39c
fix(oauth): separate store errors from not-found in OAuth lookups
loss-and-quick Mar 29, 2026
24fcc09
fix(oauth): map provider 4xx token rejections to HTTP 400
loss-and-quick Mar 29, 2026
44cc087
fix(oauth): propagate store errors from ValidateToken
loss-and-quick Mar 29, 2026
0e8903e
fix(oauth): make CompleteAnthropicOAuthFlow idempotent and clean up o…
loss-and-quick Mar 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 6 additions & 5 deletions core/bifrost.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3573,6 +3573,7 @@ func (bifrost *Bifrost) createBaseProvider(providerKey schemas.ModelProvider, co
case schemas.OpenAI:
return openai.NewOpenAIProvider(config, bifrost.logger), nil
case schemas.Anthropic:
config.OAuth2Provider = bifrost.oauth2Provider
return anthropic.NewAnthropicProvider(config, bifrost.logger), nil
case schemas.Bedrock:
return bedrock.NewBedrockProvider(config, bifrost.logger)
Expand Down Expand Up @@ -6069,7 +6070,7 @@ func (bifrost *Bifrost) getAllSupportedKeys(ctx *schemas.BifrostContext, provide
if k.Enabled != nil && !*k.Enabled {
continue
}
if strings.TrimSpace(k.Value.GetValue()) != "" || CanProviderKeyValueBeEmpty(baseProviderType) {
if strings.TrimSpace(k.Value.GetValue()) != "" || CanProviderKeyValueBeEmpty(baseProviderType) || hasAnthropicOAuthCredentials(baseProviderType, k) {
supportedKeys = append(supportedKeys, k)
}
}
Expand Down Expand Up @@ -6132,8 +6133,8 @@ func (bifrost *Bifrost) getKeysForBatchAndFileOps(ctx *schemas.BifrostContext, p
}
}

// Check key value (or if provider allows empty keys or has Azure Entra ID credentials)
if strings.TrimSpace(k.Value.GetValue()) != "" || CanProviderKeyValueBeEmpty(baseProviderType) {
// Check key value (or if provider allows empty keys or has Anthropic OAuth credentials)
if strings.TrimSpace(k.Value.GetValue()) != "" || CanProviderKeyValueBeEmpty(baseProviderType) || hasAnthropicOAuthCredentials(baseProviderType, k) {
filteredKeys = append(filteredKeys, k)
}
}
Expand Down Expand Up @@ -6209,7 +6210,7 @@ func (bifrost *Bifrost) selectKeyFromProviderForModel(ctx *schemas.BifrostContex
if k.Enabled != nil && !*k.Enabled {
continue
}
if strings.TrimSpace(k.Value.GetValue()) != "" || CanProviderKeyValueBeEmpty(baseProviderType) {
if strings.TrimSpace(k.Value.GetValue()) != "" || CanProviderKeyValueBeEmpty(baseProviderType) || hasAnthropicOAuthCredentials(baseProviderType, k) {
supportedKeys = append(supportedKeys, k)
}
}
Expand All @@ -6220,7 +6221,7 @@ func (bifrost *Bifrost) selectKeyFromProviderForModel(ctx *schemas.BifrostContex
if key.Enabled != nil && !*key.Enabled {
continue
}
hasValue := strings.TrimSpace(key.Value.GetValue()) != "" || CanProviderKeyValueBeEmpty(baseProviderType)
hasValue := strings.TrimSpace(key.Value.GetValue()) != "" || CanProviderKeyValueBeEmpty(baseProviderType) || hasAnthropicOAuthCredentials(baseProviderType, key)
var modelSupported bool
if len(key.BlacklistedModels) > 0 && slices.Contains(key.BlacklistedModels, model) {
modelSupported = false
Expand Down
Loading