stacklok / toolhive / 24531349707
66%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 635
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 66.139% (+0.02%) from 66.121%
24531349707

push

github

web-flow 
Add AdditionalAuthorizationParams to upstream OAuth configs (#4862)

* Add AdditionalAuthorizationParams to CommonOAuthConfig

Google Drive MCP tokens can't be refreshed because Google requires
access_type=offline as an authorization URL query parameter, but the
provider config has no field for extra auth URL params. Add
AdditionalAuthorizationParams map[string]string to CommonOAuthConfig
with validation that rejects framework-managed params (response_type,
client_id, redirect_uri, scope, state, code_challenge,
code_challenge_method, nonce). Config-level params are merged in
buildAuthorizationURL() before caller opts so per-call and
OIDC-specific params can override.

Also fix OIDC provider construction to copy full CommonOAuthConfig
instead of cherry-picking fields, ensuring new and future fields
propagate to the embedded BaseOAuth2Provider.

Ref: #4840

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add AdditionalAuthorizationParams to RunConfig types

Add the field to both OIDCUpstreamRunConfig and
OAuth2UpstreamRunConfig so the runner can thread config-level
authorization params from the operator conversion layer through to the
upstream provider config.

Ref: #4840

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Thread AdditionalAuthorizationParams through runner

Copy AdditionalAuthorizationParams from RunConfig into the upstream
provider config in both buildOIDCConfig() and buildPureOAuth2Config()
so that config-level authorization params reach the provider.

Ref: #4840

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add AdditionalAuthorizationParams to CRD upstream configs

Add the field to both OIDCUpstreamConfig and OAuth2UpstreamConfig in
the MCPExternalAuthConfig CRD types. Capped at 16 entries via
kubebuilder MaxProperties validation to prevent abuse.

Ref: #4840

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Thread AdditionalAuthorizationP... (continued)

49 of 76 new or added lines in 8 files covered. (64.47%)

12 existing lines in 2 files now uncovered.

57538 of 86995 relevant lines covered (66.14%)

62.46 hits per line

Uncovered Changes

Lines Coverage File
15
59.41
 -0.47% cmd/thv-operator/controllers/virtualmcpserver_controller.go
11
42.8
 -0.18% cmd/thv-operator/api/v1alpha1/zz_generated.deepcopy.go
1
57.78
 3.68% cmd/thv-operator/api/v1alpha1/mcpexternalauthconfig_types.go

Coverage Regressions

Lines Coverage File
9
22.99
 -0.57% pkg/client/manager.go
3
70.0
 -3.33% pkg/state/local.go
Jobs
ID Job ID Ran Files Coverage
1 24531349707.1 635
66.14
 GitHub Action Run
Source Files on build 24531349707