You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: packages/toolbox-core/README.md
+14-5Lines changed: 14 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -269,22 +269,31 @@ connecting to a Toolbox server instance that requires authentication. This is
269
269
crucial for securing your Toolbox server endpoint, especially when deployed on
270
270
platforms like Cloud Run, GKE, or any environment where unauthenticated access is restricted.
271
271
272
-
This client-to-server authentication ensures that the Toolbox server can verify the identity of the client making the request before any tool is loaded or called. It is different from [Authenticating Tools](#authenticating-tools), which deals with providing credentials for specific tools within an already connected Toolbox session.
272
+
This client-to-server authentication ensures that the Toolbox server can verify
273
+
the identity of the client making the request before any tool is loaded or
274
+
called. It is different from [Authenticating Tools](#authenticating-tools),
275
+
which deals with providing credentials for specific tools within an already
276
+
connected Toolbox session.
273
277
274
278
### When is Client-to-Server Authentication Needed?
275
279
276
-
You'll need this type of authentication if your Toolbox server is configured to deny unauthenticated requests. For example:
280
+
You'll need this type of authentication if your Toolbox server is configured to
281
+
deny unauthenticated requests. For example:
277
282
278
283
- Your Toolbox server is deployed on Cloud Run and configured to "Require authentication."
279
-
- Your server is behind an Identity-Aware Proxy (IAP) or a similar authentication layer.
284
+
- Your server is behind an Identity-Aware Proxy (IAP) or a similar
285
+
authentication layer.
280
286
- You have custom authentication middleware on your self-hosted Toolbox server.
281
287
282
288
Without proper client authentication in these scenarios, attempts to connect or
283
289
make calls (like `load_tool`) will likely fail with `Unauthorized` errors.
284
290
285
291
### How it works
286
292
287
-
The `ToolboxClient` (and `ToolboxSyncClient`) allows you to specify functions (or coroutines for the async client) that dynamically generate HTTP headers for every request sent to the Toolbox server. The most common use case is to add an Authorization header with a bearer token (e.g., a Google ID token).
293
+
The `ToolboxClient` (and `ToolboxSyncClient`) allows you to specify functions
294
+
(or coroutines for the async client) that dynamically generate HTTP headers for
295
+
every request sent to the Toolbox server. The most common use case is to add an
296
+
Authorization header with a bearer token (e.g., a Google ID token).
288
297
289
298
These header-generating functions are called just before each request, ensuring
290
299
that fresh credentials or header values can be used.
@@ -298,7 +307,7 @@ You can configure these dynamic headers in two ways:
298
307
```python
299
308
from toolbox_core import ToolboxClient
300
309
301
-
asyncwith ToolboxClient("toolbox-url", headers={"header1": header1_getter, "header2": header2_getter, ...}) as client:
310
+
asyncwith ToolboxClient("toolbox-url", client_headers={"header1": header1_getter, "header2": header2_getter, ...}) as client:
0 commit comments