Simplify authserver's upstream provider interface #3638
Large PR Detected
This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.
How to unblock this PR:
Add a section to your PR description with the following format:
## Large PR Justification
[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformation
Alternative:
Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.
See our Contributing Guidelines for more details.
This review will be automatically dismissed once you add the justification section.
12f5e82 to a28c0f4
Large PR justification has been provided. Thank you!
✅ Large PR justification has been provided. The size review has been dismissed and this PR can now proceed with normal review.
a28c0f4 to a7b2fb6
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #3638 +/- ##
==========================================
+ Coverage 65.75% 65.96% +0.20%
==========================================
Files 411 413 +2
Lines 40805 41062 +257
==========================================
+ Hits 26833 27086 +253
+ Misses 11882 11881 -1
- Partials 2090 2095 +5
☔ View full report in Codecov by Sentry.
Follow-up to an earlier discussion in a previous PR: #3580 (comment)
Combine ExchangeCode and ResolveIdentity into atomic ExchangeCodeForIdentity
Merge the two-step exchange+identity flow into a single interface method to prevent OIDC nonce validation from being accidentally skipped. This ensures replay protection is always enforced when exchanging authorization codes with OIDC providers.
The OAuth2Provider interface shrinks from 6 to 4 methods by removing ExchangeCode, ResolveIdentity, and FetchUserInfo (now package-private). The UserInfo struct is also made private and moved to oauth2.go.
Large PR Justification
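
The design point in the description above, shown as an added Go sketch that is not code from this PR or the project: when the exchange and identity steps are unexported, callers cannot reach an identity without the nonce comparison. Apart from the name ExchangeCodeForIdentity, every type, signature and value here is an assumption, and the ID token is modelled as already signature-verified.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Hypothetical shapes; the PR's real signatures are not shown on this page.
// Tokens models an ID token whose signature was already verified (assumption).
type Tokens struct{ Subject, Nonce string }
type Identity struct{ Subject string }

var ErrNonceMismatch = errors.New("id token nonce does not match the authorization request")

// Provider exports only the atomic call; endpoint stands in for the upstream token endpoint.
type Provider struct{ endpoint func(code string) (Tokens, error) }

func (p *Provider) exchangeCode(code string) (Tokens, error) { return p.endpoint(code) }

// resolveIdentity returns an identity only when the nonce claim matches.
// Rejecting an empty expected nonce is this example's choice for OIDC providers.
func (p *Provider) resolveIdentity(t Tokens, nonce string) (Identity, error) {
	if nonce == "" || subtle.ConstantTimeCompare([]byte(t.Nonce), []byte(nonce)) != 1 {
		return Identity{}, ErrNonceMismatch
	}
	return Identity{Subject: t.Subject}, nil
}

// ExchangeCodeForIdentity is the only exported path from a code to an identity.
func (p *Provider) ExchangeCodeForIdentity(code, nonce string) (Identity, error) {
	t, err := p.exchangeCode(code)
	if err != nil {
		return Identity{}, fmt.Errorf("code exchange: %w", err)
	}
	return p.resolveIdentity(t, nonce)
}

// NewSampleProvider returns a provider backed by constructed sample data.
func NewSampleProvider() *Provider {
	return &Provider{endpoint: func(code string) (Tokens, error) {
		if code != "code-1" {
			return Tokens{}, errors.New("invalid_grant")
		}
		return Tokens{Subject: "user-42", Nonce: "n-abc"}, nil
	}}
}

func main() { fmt.Println(NewSampleProvider().ExchangeCodeForIdentity("code-1", "n-replayed")) }
```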