@spec api_key(String.t()) :: api_key_auth()

Create API key authentication.

This is the most common authentication method for Weaviate Cloud.

Examples

auth = Auth.api_key("your-weaviate-api-key")

@spec bearer_token(
  String.t(),
  keyword()
) :: bearer_token_auth()

Create bearer token authentication.

Options

• :expires_in - Token expiration time in seconds
• :refresh_token - Refresh token for token renewal

Examples

auth = Auth.bearer_token("access-token")
auth = Auth.bearer_token("access-token", expires_in: 3600)

@spec client_credentials(String.t(), String.t(), keyword()) ::
  client_credentials_auth()

Create OIDC Client Credentials authentication.

Used for service-to-service authentication.

Options

• :scopes - OAuth scopes to request (default: [])

Examples

auth = Auth.client_credentials("client-id", "client-secret")
auth = Auth.client_credentials("client-id", "client-secret", scopes: ["openid"])

@spec client_password(String.t(), String.t(), keyword()) :: password_auth()

Create OIDC Password (Resource Owner Password Credentials) authentication.

Options

• :client_id - Client ID (optional for some providers)
• :client_secret - Client secret (optional)
• :scopes - OAuth scopes to request (default: [])

Examples

auth = Auth.client_password("user@example.com", "password")
auth = Auth.client_password("user", "pass",
  client_id: "my-client",
  scopes: ["openid", "profile"]
)

@spec get_oidc_headers(GenServer.server()) ::
  {:ok, [{String.t(), String.t()}]} | {:error, term()}

Get headers from an OIDC TokenManager.

This is a convenience function to get authorization headers when using OIDC authentication with a TokenManager.

Examples

{:ok, headers} = Auth.get_oidc_headers(MyApp.TokenManager)
# => [{"Authorization", "Bearer <access-token>"}]

@spec oidc_config(keyword()) :: %{issuer_url: String.t(), auth: map()}

Create OIDC configuration for use with TokenManager.

This creates a configuration that can be passed to TokenManager.start_link/1.

Options

• :issuer_url - OIDC issuer URL (required)
• :client_id - Client ID (required)
• :client_secret - Client secret (required for client_credentials)
• :username - Username (required for password grant)
• :password - Password (required for password grant)
• :scopes - OAuth scopes (default: [])
• :grant_type - Grant type: :client_credentials or :password (default: :client_credentials)

Examples

# Client credentials grant
config = Auth.oidc_config(
  issuer_url: "https://auth.example.com",
  client_id: "my-client",
  client_secret: "my-secret"
)

{:ok, _pid} = WeaviateEx.Auth.TokenManager.start_link(
  issuer_url: config.issuer_url,
  auth: config.auth,
  name: MyApp.WeaviateTokenManager
)

# Password grant
config = Auth.oidc_config(
  issuer_url: "https://auth.example.com",
  grant_type: :password,
  username: "user@example.com",
  password: "secret",
  client_id: "my-client"
)

@spec to_headers(t()) :: [{String.t(), String.t()}]

Convert authentication config to HTTP headers.

For OIDC types, this returns an empty list as tokens must be obtained via the OIDC token manager first.

Examples

auth = Auth.api_key("my-key")
headers = Auth.to_headers(auth)
# => [{"Authorization", "Bearer my-key"}]