Credential resolution

Credential resolution is the caller’s responsibility. initialise_table_benchling takes a fully-constructed BenchlingContext via ctx=, so this package never sees client_id / client_secret directly — it only uses ctx to authenticate and pull schemas.

Authentication is delegated entirely to mgtx-benchling-wrapper. How you load credentials (env vars, config.yaml, a keystore) is up to your deployment — store them as plaintext for the wrapper to consume.

Basic shape

from mgtx_benchling_wrapper.context.benchling_context import BenchlingContext
from xlwings_package import initialise_table_benchling

# Resolve your client_secret however you like — plaintext from env,
# config.yaml, or a keystore — then build the ctx and call the function.
client_secret = my_resolve_secret(...)  # your code

ctx = BenchlingContext(
    client_id="your-oauth2-app-client-id",
    client_secret=client_secret,
    base_url="https://yourorg.benchling.com",
    token_url="https://yourorg.benchling.com/api/v2/token",
)
initialise_table_benchling(wb, {"Assay Results": ["assaysch_abc123"]}, ctx=ctx)

Loading from config.yaml

The OAuth2 fields follow the layout documented by mgtx-benchling-wrapper. Copy config.yaml.example at the repo root to config.yaml (gitignored) and fill it in with plaintext values. A typical loader:

import yaml
from mgtx_benchling_wrapper.context.benchling_context import BenchlingContext

with open("config.yaml") as f:
    creds = yaml.safe_load(f)["BenchlingCredentials"]

ctx = BenchlingContext(**creds)

What the package does NOT do

• It does no credential resolution. It ships no config loader and no encryption/decryption — that all lives in mgtx-benchling-wrapper and your own deployment glue.
• It never reads plaintext from disk. The ctx you pass is the only contact point.
• It never logs client_secret. Authentication is delegated to mgtx-benchling-wrapper; this package only touches the context after it has been constructed.