25518577229

Committed 07 May 2026 07:52PM UTC coverage: 64.842% (+0.03%) from 64.809%

Build # 25518577229

Build Type

push

github

Committed by

web-flow

Commit Message

Use shared pkg/oauthproto helpers in tokenexchange (#5212)

Switch tokenexchange to the shared grant-helper primitives landed
earlier:

- HTTP client: delete the local defaultHTTPClient var and
  defaultHTTPTimeout const; route the nil-client fallback through
  oauthproto.DefaultHTTPClient(). Every grant now picks up the same
  process-wide transport and connection pool.

- Redaction: delete the local redactedPlaceholder and emptyPlaceholder
  constants; the three String() methods (exchangeRequest, response,
  clientAuthentication) now call oauthproto.Redact(value), which
  replaces four hand-rolled "if empty/else redacted" branches with
  one expression each.

- Pre-existing annotation cleanup: four //nolint:gosec // G117
  directives on sensitive struct-tag fields (AccessToken,
  RefreshToken, ClientSecret x2) were suppressing a rule gosec does
  not actually flag. Delete them per the go-style.md rule against
  //nolint directives that do not suppress a confirmed false
  positive. middleware.go had one //nolint:gosec // G706 in the same
  state; same treatment.

- Test hygiene: convert every defer server.Close() in
  exchange_test.go (22 sites) to t.Cleanup(server.Close). Every
  affected site runs t.Parallel either directly or via subtests;
  .claude/rules/testing.md calls out defer as a foot-gun there
  because the parent test function can return before parallel
  subtests finish, closing the server prematurely.

maxResponseBodySize stays local with a TODO referencing the
follow-up that replaces executeTokenExchangeRequest with
oauthproto.DoTokenRequest, at which point the local constant
disappears. createTokenExchangeRequest, executeTokenExchangeRequest,
parseTokenExchangeResponse are untouched in this commit for the
same reason: isolating the HTTP-client swap from the request-plumbing
rewrite makes a future bisect point at one concern at a time.

Coverage Stats

7 of 12 new or added lines in 1 file covered. (58.33%)

24 existing lines in 8 files now uncovered.

63367 of 97725 relevant lines covered (64.84%)

59.32 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.15

/pkg/transport/proxy/httpsse/http_proxy.go

stacklok / toolhive / 25518577229

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source Not Available

Source File
Press 'n' to go to next uncovered line, 'b' for previous