CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-anthropic-ai--claude-code

Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows

Pending
Overview
Eval results
Files

authentication.mddocs/

Authentication

Claude Code supports multiple authentication methods for secure access to AI services, including API keys, OAuth, subscription management, and third-party integrations.

Capabilities

API Key Authentication

Direct API key authentication for programmatic access.

# Environment variable (recommended)
export ANTHROPIC_API_KEY="sk-ant-api03-..."

# Command line argument
claude --api-key sk-ant-api03-...

# Configuration file
{
  "apiKey": "sk-ant-api03-...",
  "model": "claude-3-sonnet-20240229"
}

API Key Features:

  • Secure storage in system keychain (macOS)
  • Environment variable support
  • Configuration file integration
  • Per-project API key override
  • Key validation and testing

API Key Storage

Secure storage of API keys using system keychains.

# macOS Keychain storage
# Keys automatically stored in macOS Keychain
# Access controlled by system security

# Linux/Windows secure storage
# Keys stored in encrypted configuration
# OS-level security integration

# Manual key management
claude --set-api-key sk-ant-api03-...
claude --remove-api-key
claude --test-api-key

Storage Security:

  • System keychain integration (macOS)
  • Encrypted storage (Linux/Windows)
  • No plaintext key storage
  • Automatic key rotation support
  • Access logging and auditing

OAuth Authentication

OAuth 2.0 flow for secure account-based authentication.

# Initialize OAuth flow
claude --login

# OAuth with specific provider
claude --login --provider anthropic

# OAuth with custom scopes
claude --login --scopes "read write admin"

# Check authentication status
claude --auth-status

OAuth Features:

  • Standard OAuth 2.0 flow
  • Browser-based authentication
  • Automatic token refresh
  • Scope-based permissions
  • Multi-account support
{
  "oauth": {
    "clientId": "your-client-id",
    "redirectUri": "http://localhost:8080/callback",
    "scopes": ["read", "write"],
    "tokenEndpoint": "https://api.anthropic.com/oauth/token",
    "authEndpoint": "https://api.anthropic.com/oauth/authorize"
  }
}

Subscription Management

Claude Pro and Claude Max subscription integration.

# Check subscription status
claude --subscription-status

# Upgrade to Claude Max
claude /upgrade --claude-max

# View usage and billing
claude /cost --detailed

# Manage subscription
claude --manage-subscription

Subscription Features:

  • Claude Pro integration
  • Claude Max advanced features
  • Usage tracking and limits
  • Billing management
  • Feature availability based on plan
{
  "subscription": {
    "plan": "claude-max",
    "status": "active",
    "features": [
      "opus-access",
      "priority-bandwidth",
      "extended-context",
      "advanced-tools"
    ],
    "usage": {
      "tokens": 45000,
      "limit": 100000,
      "resetDate": "2024-02-01T00:00:00Z"
    }
  }
}

Third-party Integrations

Authentication with cloud providers and services.

AWS Bedrock Integration

# Bedrock authentication
export AWS_BEARER_TOKEN_BEDROCK="your-bedrock-token"
export AWS_REGION="us-west-2"

# Bedrock configuration
{
  "provider": "bedrock",
  "region": "us-west-2",
  "model": "anthropic.claude-3-sonnet-20240229-v1:0"
}

Bedrock Features:

  • AWS IAM integration
  • Regional model access
  • Enterprise security compliance
  • Cost management through AWS billing
  • VPC and private networking support

Google Vertex AI Integration

# Vertex AI authentication
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"
export GOOGLE_CLOUD_PROJECT="your-project-id"

# Vertex AI configuration
{
  "provider": "vertex",
  "project": "your-project-id",
  "location": "us-central1",
  "model": "claude-3-sonnet@20240229"
}

Vertex AI Features:

  • Google Cloud IAM integration
  • Service account authentication
  • Project-based access control
  • Regional deployment options
  • Enterprise compliance features

GitHub Integration

GitHub app and OAuth integration for repository access.

# Install GitHub app
claude /install-github-app

# GitHub OAuth login
claude --login --provider github

# Repository permissions
{
  "github": {
    "permissions": {
      "contents": "read",
      "pull_requests": "write",
      "issues": "write"
    },
    "repositories": ["owner/repo"]
  }
}

GitHub Features:

  • GitHub App installation
  • Repository access control
  • PR comment automation
  • Issue management
  • Code review assistance

Authentication Configuration

Comprehensive authentication configuration options.

{
  "authentication": {
    "method": "oauth",
    "provider": "anthropic",
    "fallback": "api-key",
    "timeout": 30000,
    "retryAttempts": 3,
    "autoRefresh": true,
    "storage": {
      "type": "keychain",
      "encryptionKey": "user-derived-key"
    }
  }
}

Configuration Options:

  • Primary and fallback authentication methods
  • Provider-specific settings
  • Timeout and retry configuration
  • Automatic token refresh
  • Secure storage preferences

Session Management

Authentication session handling and persistence.

# View active sessions
claude --list-sessions

# Logout from current session
claude --logout

# Logout from all sessions
claude --logout --all

# Session timeout configuration
{
  "session": {
    "timeout": 3600,
    "autoExtend": true,
    "maxDuration": 86400
  }
}

Session Features:

  • Multiple concurrent sessions
  • Session timeout management
  • Automatic session extension
  • Secure session storage
  • Cross-device session sync

Security Features

Advanced security and compliance features.

{
  "security": {
    "mfa": {
      "enabled": true,
      "methods": ["totp", "sms"]
    },
    "ipRestrictions": [
      "192.168.1.0/24",
      "10.0.0.0/8"
    ],
    "auditLogging": true,
    "sessionEncryption": true,
    "keyRotation": {
      "enabled": true,
      "interval": 2592000
    }
  }
}

Security Features:

  • Multi-factor authentication (MFA)
  • IP address restrictions
  • Audit logging and compliance
  • Session encryption
  • Automatic key rotation

Environment-specific Authentication

Different authentication methods for different environments.

# Development environment
export CLAUDE_ENV=development
export ANTHROPIC_API_KEY=sk-ant-dev-...

# Staging environment
export CLAUDE_ENV=staging
export AWS_BEARER_TOKEN_BEDROCK=staging-token

# Production environment
export CLAUDE_ENV=production
# OAuth-only in production

Environment Configuration:

{
  "environments": {
    "development": {
      "authentication": "api-key",
      "apiKey": "${DEV_API_KEY}"
    },
    "staging": {
      "authentication": "bedrock",
      "region": "us-west-2"
    },
    "production": {
      "authentication": "oauth",
      "requireMFA": true
    }
  }
}

Authentication Troubleshooting

Debug and resolve authentication issues.

# Test authentication
claude --test-auth

# Validate API key
claude --validate-key sk-ant-api03-...

# Check permissions
claude --check-permissions

# Reset authentication
claude --reset-auth

# Debug authentication flow
claude --debug-auth

Troubleshooting Commands:

  • Authentication validation
  • Permission verification
  • Token refresh testing
  • Connection diagnostics
  • Detailed error reporting

Error Handling

Comprehensive error handling for authentication failures.

// Authentication error types
enum AuthError {
  INVALID_API_KEY = 'invalid_api_key',
  EXPIRED_TOKEN = 'expired_token',
  INSUFFICIENT_PERMISSIONS = 'insufficient_permissions',
  RATE_LIMITED = 'rate_limited',
  NETWORK_ERROR = 'network_error',
  MFA_REQUIRED = 'mfa_required'
}

// Error handling patterns
try {
  await authenticateUser();
} catch (error) {
  switch (error.code) {
    case AuthError.INVALID_API_KEY:
      console.error('Invalid API key. Please check your configuration.');
      break;
    case AuthError.EXPIRED_TOKEN:
      await refreshToken();
      break;
    case AuthError.INSUFFICIENT_PERMISSIONS:
      console.error('Insufficient permissions for this operation.');
      break;
    default:
      console.error('Authentication failed:', error.message);
  }
}

Authentication Best Practices

Security best practices for authentication setup.

# Best practices checklist:

# 1. Use environment variables for API keys
export ANTHROPIC_API_KEY="sk-ant-api03-..."

# 2. Enable MFA when available
claude --enable-mfa

# 3. Use OAuth for interactive sessions
claude --login

# 4. Rotate keys regularly
claude --rotate-key

# 5. Monitor authentication logs
claude --show-auth-logs

# 6. Use least privilege permissions
{
  "permissions": ["read", "basic-write"]
}

# 7. Set session timeouts
{
  "session": {"timeout": 3600}
}

Compliance and Auditing

Enterprise compliance and auditing features.

{
  "compliance": {
    "auditLogging": true,
    "logRetention": 90,
    "ssoIntegration": {
      "enabled": true,
      "provider": "okta",
      "domain": "company.okta.com"
    },
    "dataResidency": "us-west-2",
    "encryptionAtRest": true,
    "encryptionInTransit": true
  }
}

Compliance Features:

  • Comprehensive audit logging
  • SSO integration support
  • Data residency controls
  • Encryption requirements
  • Access policy enforcement
  • Compliance reporting

Install with Tessl CLI

npx tessl i tessl/npm-anthropic-ai--claude-code

docs

authentication.md

cli-interface.md

cli-options.md

configuration.md

custom-commands.md

hooks.md

ide-integration.md

index.md

mcp-integration.md

sdk-integration.md

slash-commands.md

tile.json