
Alan-Jowett / CoPilot-For-Consensus / 20361587338

19 Dec 2025 06:11AM UTC coverage: 80.073% (-3.0%) from 83.067%
push

github

web-flow
Add Auth microservice for OIDC authentication with local JWT minting (#406)

* Initial plan

* Implement OIDC providers and JWT manager in copilot_auth adapter

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Create auth microservice with FastAPI endpoints and JWT support

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add auth service to docker-compose and create JWT middleware

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add authentication documentation and update main README

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Address security review feedback: remove keys from git, fix callback tampering, fix subject claim

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add comprehensive implementation summary for Auth microservice

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Security hardening and architectural improvements for auth service

This commit addresses multiple architectural and security concerns:

Architectural improvements:
- Move JWT middleware from auth service to copilot_auth adapter for reusability
- Simplify auth config to use TypedConfig directly (remove Pydantic wrapper)
- Delegate secret provider selection to factory pattern (copilot_secrets)
- Add backward-compatible re-export in auth/app/middleware.py

Security fixes:
- Fix JWKS cache to support key rotation (TTL: 3600s, periodic refresh)
- Fix userinfo endpoint circular trust (validate against configured audiences)
- Add session TTL (600s) and periodic cleanup (60s) to prevent memory leaks
- Enhance error handling with specific exception categories
- Rewrite web UI documentation to use secure patterns (httpOnly cookies)
- Remove insecure examples (localStorage, tokens in URLs)

Monitoring and observability:
- Add comprehensive metrics instrumentation (6 counters with labels)
- Track: l... (continued)

210 of 478 new or added lines in 12 files covered. (43.93%)

1 existing line in 1 file now uncovered.

5079 of 6343 relevant lines covered (80.07%)

0.9 hits per line

Source File

47.62
/adapters/copilot_auth/copilot_auth/github_provider.py


Source Not Available
