feat(auth/generic): support custom introspection endpoints #3068
duwenxin99 wants to merge 4 commits into main from
Code Review
This pull request introduces support for Google's tokeninfo endpoint within the generic authentication service, allowing for the validation of opaque access tokens. Key changes include new configuration options for introspection methods and parameter names, as well as logic to handle Google-specific audience fields and GET-based introspection requests. A security issue was identified regarding the removal of the 'active' status check, which is mandatory for standard OIDC providers to prevent the use of revoked tokens. Additionally, there are feedback items concerning Go naming conventions for initialisms and missing error handling in the new integration tests.
| introspectionEndpoint: https://www.googleapis.com/oauth2/v1/tokeninfo | ||
| introspectionMethod: GET | ||
| introspectionParamName: access_token |
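Review bot: with introspectionMethod: GET and introspectionParamName: access_token, the bearer token is sent in the query string of the introspection URL, where it is more likely to be recorded by proxies and access logs than a POST form body. The documentation beside this example should say that, recommend the RFC 7662 form (POST with a token form parameter) for providers that support it, and note that the request URL must not be written to logs or error messages when GET is configured.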
Can we not get these from the initial request?
This PR extends the generic authentication service to support custom introspection formats, specifically enabling integration with Google's tokeninfo endpoint for validating opaque access tokens. Added e2e integration test with Google OAuth.
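The review summary above flags the removed `active` check. As an added example (not code from this pull request or the project), the sketch below shows one way to accept both response shapes while failing closed. The names `introspection`, `validate` and `requireActive` are hypothetical, and the `audience` and `expires_in` field names for the tokeninfo response are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// introspection holds only the fields checked below. Active is a pointer so
// that "field absent" is distinguishable from an explicit "active": false.
type introspection struct {
	Active    *bool  `json:"active"`
	Aud       string `json:"aud"`        // RFC 7662 name (string form only)
	Audience  string `json:"audience"`   // assumed tokeninfo field name
	Exp       int64  `json:"exp"`        // absolute expiry, Unix seconds
	ExpiresIn *int64 `json:"expires_in"` // assumed relative expiry, seconds
}

// validate fails closed. requireActive should be true for every RFC 7662
// provider and false only for endpoints known to omit the active field.
func validate(body []byte, wantAud string, requireActive bool, now time.Time) error {
	var r introspection
	if err := json.Unmarshal(body, &r); err != nil {
		return fmt.Errorf("decode introspection response: %w", err)
	}
	if r.Active != nil && !*r.Active {
		return errors.New("token is not active") // honoured whenever present
	}
	if requireActive && r.Active == nil {
		return errors.New("response has no active field")
	}
	aud := r.Aud
	if aud == "" {
		aud = r.Audience
	}
	if aud == "" || aud != wantAud {
		return errors.New("audience mismatch")
	}
	expired := (r.Exp != 0 && !now.Before(time.Unix(r.Exp, 0))) || (r.ExpiresIn != nil && *r.ExpiresIn <= 0)
	if expired {
		return errors.New("token expired")
	}
	return nil
}

func main() {
	google := []byte(`{"audience":"my-client","expires_in":3000}`) // constructed sample
	fmt.Println(validate(google, "my-client", false, time.Now()))
}
```

An explicit `"active": false` is rejected even when `requireActive` is off, so relaxing the setting for one provider never lets a revoked token through for another.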