Skip to content

feat(auth/generic): support custom introspection endpoints#3068

Merged
duwenxin99 merged 5 commits into
mainfrom
feat-google-auth
May 7, 2026
Merged

feat(auth/generic): support custom introspection endpoints#3068
duwenxin99 merged 5 commits into
mainfrom
feat-google-auth

Conversation

@duwenxin99
Copy link
Copy Markdown
Contributor

@duwenxin99 duwenxin99 commented Apr 15, 2026
edited
Loading

This PR extends the generic authentication service to support custom introspection formats, specifically enabling integration with Google's tokeninfo endpoint for validating opaque access tokens. Added e2e integration test with Google OAuth.

@duwenxin99 duwenxin99 requested a review from a team as a code owner April 15, 2026 21:31
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for Google's tokeninfo endpoint within the generic authentication service, allowing for the validation of opaque access tokens. Key changes include new configuration options for introspection methods and parameter names, as well as logic to handle Google-specific audience fields and GET-based introspection requests. A security issue was identified regarding the removal of the 'active' status check, which is mandatory for standard OIDC providers to prevent the use of revoked tokens. Additionally, there are feedback items concerning Go naming conventions for initialisms and missing error handling in the new integration tests.

Comment thread internal/auth/generic/generic.go
Comment thread internal/auth/generic/generic.go Outdated
Comment thread tests/auth/auth_integration_test.go
averikitsch
averikitsch reviewed Apr 17, 2026
View reviewed changes
Comment thread docs/en/documentation/configuration/authentication/generic.md Outdated
@duwenxin99 duwenxin99 added the release candidate Use label to signal PR should be included in the next release. label May 6, 2026
@duwenxin99 duwenxin99 assigned averikitsch and unassigned Yuan325 May 6, 2026
averikitsch
averikitsch reviewed May 6, 2026
View reviewed changes
Comment thread docs/en/documentation/configuration/authentication/generic.md
averikitsch
averikitsch reviewed May 6, 2026
View reviewed changes
Comment thread docs/en/documentation/configuration/authentication/generic.md Outdated
averikitsch
averikitsch reviewed May 6, 2026
View reviewed changes
Comment thread docs/en/documentation/configuration/authentication/generic.md
@duwenxin99 duwenxin99 enabled auto-merge (squash) May 7, 2026 16:53
@duwenxin99 duwenxin99 merged commit 1b6b577 into main May 7, 2026
26 checks passed
@duwenxin99 duwenxin99 deleted the feat-google-auth branch May 7, 2026 17:05
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 7, 2026

🧨 Preview deployments removed.

Cloudflare Pages environments for pr-3068 have been deleted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@averikitsch averikitsch averikitsch approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@averikitsch averikitsch

Labels

release candidate Use label to signal PR should be included in the next release.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@duwenxin99 @averikitsch @Yuan325