stacklok / toolhive / 21530685553
61%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 487
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 60.344% (+0.001%) from 60.343%
21530685553

push

github

web-flow 
Persist DCR client credentials for OAuth session restoration (#3418)

* Persist DCR client credentials for OAuth session restoration

Extend OAuth token persistence to also store Dynamic Client Registration
(DCR) client credentials. This enables workloads that use DCR (like Datadog
and Glean) to restore OAuth sessions across restarts without requiring a
new browser-based authentication flow.

Changes:
- Add CachedClientIDRef and CachedClientSecretRef fields to remote.Config
- Add HasCachedClientCredentials() and ClearCachedClientCredentials() helpers
- Add TokenTypeOAuthClientID to secrets for secure storage
- Expose ClientID and ClientSecret in OAuthFlowResult from discovery
- Add ClientCredentialsPersister type for DCR credential persistence
- Update handler to restore and persist DCR credentials
- Update runner to wire up the client credentials persister

For PKCE flows (like Datadog), only the client_id is persisted since
no client_secret is issued.

Closes gh-3335

Signed-off-by: Frederic Le Feurmou <flfeurmou@indeed.com>

* fix(lint): move nosec comment to same line to satisfy gosec

Signed-off-by: Frederic Le Feurmou <flfeurmou@indeed.com>

* fix: address DCR review feedback

- Store ClientID as plain text instead of secret reference (it's public)
- Add CachedClientSecretExpiresAt field for expiration tracking
- Add CachedRegistrationAccessTokenRef field for registration updates
- Update handler to use plain text ClientID
- Simplify runner.go to not store ClientID in secret manager

* fix: address review feedback - remove unused TokenTypeOAuthClientID

- Remove TokenTypeOAuthClientID from secrets.go (client_id stored as plain text)
- Use lowercase test values for CachedClientID to reflect plain text storage

Signed-off-by: Frederic Le Feurmou <flfeurmou@indeed.com>

---------

Signed-off-by: Frederic Le Feurmou <flfeurmou@indeed.com>

9 of 67 new or added lines in 4 files covered. (13.43%)

4 existing lines in 2 files now uncovered.

39449 of 65373 relevant lines covered (60.34%)

76.37 hits per line

New Missed Lines in Diff

Lines Coverage File
2
76.95
 -0.3% pkg/auth/discovery/discovery.go
23
37.75
 -1.64% pkg/runner/runner.go
33
38.69
 -5.12% pkg/auth/remote/handler.go

Uncovered Existing Lines

Lines Coverage File
1
76.95
 -0.3% pkg/auth/discovery/discovery.go
3
71.85
 -1.11% pkg/ignore/processor.go
Jobs
ID Job ID Ran Files Coverage
1 21530685553.1 487
60.34
 GitHub Action Run
Source Files on build 21530685553