Ruby Programming Language and Popular API Gems · Capability

RubyGems.org Registry API — OIDC

OIDC surface — OIDC. 1 operation. Lead operation: Exchange OIDC Token For Trusted Publishing API Key. Self-contained Naftiko capability covering one RubyGems business surface.

RubyGems.org Registry API — OIDC is a Naftiko capability published by Ruby Programming Language and Popular API Gems, one of 9 capabilities the APIs.io network indexes for this provider. It bundles 1 operation across the POST method rooted at /v1/oidc/api-key-role/{…}/assume-role.

The capability includes 1 state-changing operation. Lead operation: Exchange a CI OIDC token for a short-lived RubyGems API key. Can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Tagged areas include RubyGems, Registry, OIDC, and Trusted Publishing.

Run with Naftiko RubyGemsRegistryOIDCTrusted Publishing

What You Can Do

POST
Assumeoidcrole — Exchange a CI OIDC token for a short-lived RubyGems API key.
/v1/oidc/api-key-role/{token}/assume-role

MCP Tools

assume-oidc-role

Exchange a CI OIDC token for a short-lived RubyGems API key.

Capability Spec

rubygems-registry-oidc.yaml Raw ↑ 
naftiko: "1.0.0-alpha2"

info:
  label: "RubyGems.org Registry API — OIDC"
  description: >-
    OIDC surface — OIDC. 1 operation. Lead operation: Exchange OIDC Token For Trusted Publishing API Key.
    Self-contained Naftiko capability covering one RubyGems business surface.
  tags:
    - RubyGems
    - Registry
    - OIDC
    - Trusted Publishing
  created: "2026-05-23"
  modified: "2026-05-23"

binds:
  - namespace: env
    keys:
      CI_OIDC_TOKEN: CI_OIDC_TOKEN

capability:

  consumes:
    - type: http
      namespace: "rubygems-registry-oidc"
      baseUri: "https://rubygems.org"
      description: "RubyGems.org Registry — OIDC trusted-publishing surface. Self-contained, no shared references."
      resources:
        - name: "assume-role"
          path: "/api/v1/oidc/api_key_role/{token}/assume_role"
          operations:
            - name: "assumeOidcRole"
              method: POST
              description: "Exchange a CI OIDC token for a short-lived RubyGems API key."
              inputParameters:
                - name: "token"
                  in: path
                  type: string
                  required: true
                  description: "Trusted-publishing role token identifier."
                - name: "body"
                  in: body
                  type: object
                  required: true
                  description: "JSON body containing the CI-provided jwt."
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: "$."

  exposes:
    - type: rest
      namespace: "rubygems-registry-oidc-rest"
      port: 8080
      description: "REST adapter for RubyGems.org Registry — OIDC trusted publishing."
      resources:
        - path: "/v1/oidc/api-key-role/{token}/assume-role"
          name: "assume-role"
          description: "REST surface for exchanging a CI OIDC token for a scoped RubyGems API key."
          operations:
            - method: POST
              name: "assumeOidcRole"
              description: "Exchange a CI OIDC token for a short-lived RubyGems API key."
              call: "rubygems-registry-oidc.assumeOidcRole"
              with:
                token: "rest.token"
                body: "rest.body"
              outputParameters:
                - type: object
                  mapping: "$."

    - type: mcp
      namespace: "rubygems-registry-oidc-mcp"
      port: 9090
      transport: http
      description: "MCP adapter for RubyGems.org Registry — OIDC trusted publishing."
      tools:
        - name: "assume-oidc-role"
          description: "Exchange a CI OIDC token for a short-lived RubyGems API key."
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: "rubygems-registry-oidc.assumeOidcRole"
          with:
            token: "tools.token"
            body: "tools.body"
          outputParameters:
            - type: object
              mapping: "$."