Use anthropic SDK 0.109+ credentials= for long-running token refresh

[achandmsft]

Closes #42.

Summary

Replaces the AnthropicIdentity(Anthropic) subclass shim in src/hello_claude_token_refresh.py with the Anthropic Python SDK's built-in credentials= parameter (added in v0.98, May 2026).

The SDK wraps the provided AccessTokenProvider callable in a TokenCache that:

• calls the provider lazily (no token fetched at client construction),
• caches the token and reuses it across requests,
• on a 401 response, invalidates the cache and retries the request once with a freshly minted token (_should_retry override in src/anthropic/_client.py).

That's exactly what the AnthropicIdentity shim was emulating, so the subclass is now redundant. auth_token itself is still a static str upstream (anthropics/anthropic-sdk-python#1496 stays open), but the more general credentials= path solves the long-running use case cleanly.

Files changed

• src/hello_claude_token_refresh.py — delete AnthropicIdentity class; build a tiny provider that wraps DefaultAzureCredential.get_token() into AccessToken(token=t.token, expires_at=t.expires_on) (expires_on is unix seconds, the format the SDK's TokenCache expects). Pass it to Anthropic(credentials=provider, base_url=...). Provider accepts the force_refresh kwarg the protocol defines.
• requirements.txt — bump anthropic>=0.104.1 → anthropic>=0.109.1.
• README.md — update the long-running snippet inside the existing <details id="advanced-long-running-processes-auto-refreshing-the-entra-id-token"> block to the new credentials= pattern (anchor id preserved). Update the matching troubleshooting row.
• skills/claude-on-foundry/SKILL.md — mirror the same change in the DIAGNOSE table and the MODIFY playbook.

Not touched

• src/hello_claude.py — the one-shot script keeps using auth_token=token. It's still the simplest pattern when the process lives for a few seconds.
• src/check_claude_quota.py, src/hello_claude_apikey.py, the verifier scripts, and infra — none of them import the removed class.

Verification

• pip install --upgrade 'anthropic>=0.109.1' → installed 0.109.1.
• Import AccessToken, AccessTokenProvider, TokenCache from anthropic.lib.credentials → all present.
• Construct Anthropic(credentials=provider, base_url='https://example.services.ai.azure.com/anthropic') → client._token_cache is a TokenCache, client._custom_auth is an AccessTokenAuth, client.credentials is provider.
• Provider signature has the force_refresh kwarg the AccessTokenProvider protocol requires.

No live API round-trip in this PR — that path is covered by scripts/verify-claude-code.ps1 -RunPythonSample on a real deployment.

[pamelafox]

LGTM, I will try in my samples

[Copilot]

Pull request overview

This PR updates the repo’s long-running Python sample to use the Anthropic Python SDK’s built-in credentials= support for automatic Entra ID token refresh, removing the now-redundant AnthropicIdentity subclass workaround and aligning the README + operational playbook documentation with the new pattern.

Changes:

• Replaced the AnthropicIdentity(Anthropic) subclass shim in src/hello_claude_token_refresh.py with an AccessTokenProvider passed via Anthropic(credentials=...).
• Bumped the minimum Anthropic SDK version to anthropic>=0.109.1 to ensure credentials= and anthropic.lib.credentials.AccessToken are available.
• Updated README + skills/claude-on-foundry/SKILL.md guidance and troubleshooting to recommend credentials= for long-running processes.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
src/hello_claude_token_refresh.py	Removes the subclass shim and uses an AccessTokenProvider returning AccessToken(token, expires_at) from DefaultAzureCredential.get_token().
requirements.txt	Updates Anthropic SDK minimum version to support the credentials= flow.
README.md	Updates the long-running token refresh snippet and troubleshooting guidance to the credentials= pattern.
skills/claude-on-foundry/SKILL.md	Mirrors the updated long-running auth guidance in DIAGNOSE/MODIFY tables.