stacklok / toolhive / 21149312641

coverage: 59.227% (+0.09%) from 59.14%
21149312641

push

github

web-flow 
Add UserInfo fetching support to authserver's upstream OAuth2 provider (#3344)

Add UserInfo fetching support to OAuth2 provider

Implement FetchUserInfo and ResolveIdentity methods on BaseOAuth2Provider
to retrieve user information from upstream OAuth2/OIDC providers. This
enables downstream handlers to obtain the authenticated user's subject.

FetchUserInfo makes an HTTP request to the configured UserInfo endpoint
with the access token as a Bearer credential. ResolveIdentity provides a
higher-level abstraction that fetches UserInfo and returns the subject
claim directly.

To support non-standard providers like GitHub that use "id" instead of
the OIDC-standard "sub" field, UserInfoFieldMapping allows configuring a
custom SubjectField. The ResolveSubject helper handles both string and
numeric subject values, converting JSON numbers to strings as needed.

The implementation includes response size limiting (1MB max), HTTP method
validation (GET/POST only per OIDC Core Section 5.3.1), and UserInfo
config validation during provider creation. The separate UserInfoFetcher
interface has been removed in favor of methods directly on OAuth2Provider.

Example usage for GitHub:
```
  UserInfo: &upstream.UserInfoConfig{
      EndpointURL: "https://api.github.com/user",
      FieldMapping: &upstream.UserInfoFieldMapping{
          SubjectField: "id",
      },
  }
```

96 of 108 new or added lines in 2 files covered. (88.89%)

13 existing lines in 4 files now uncovered.

35547 of 60018 relevant lines covered (59.23%)

81.12 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.81
/pkg/transport/proxy/httpsse/http_proxy.go


Source Not Available