• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

uc-cdis / fence / 29038387428
75%

Build:
DEFAULT BRANCH: master
Ran 09 Jul 2026 05:53PM UTC
Jobs 1
Files 122
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

09 Jul 2026 05:48PM UTC coverage: 75.409% (+0.3%) from 75.073%
29038387428

push

github

web-flow
MIDRC-1285 MIDRC-1291 Task tokens + Access token denylist + Validate aud (#1356)

* validate audience = 'gen3'

* fix client_id in audience

* generate access token with additional aud

* add custom exp

* update authutils

* force adding TES aud to token from API key

* fix

* query param instead of body

* fix for old API keys and tokens

* do not force add work_order param

* comment

* clean up

* fix revoke invalid token logic

* client can revoke access token

* add token revocation and check status endpoints

* update swagger doc

* update comments

* simplify /token/blacklisted endpoint

* add log

* fix unit tests

* unit tests

* more expiration checks

* add authz check

* fix test

* latest commit of authutils branch

* fix to accept gen3-workflow s3 endpoint auth header

* handle blacklisted expired token

* fix typo

* remove custom revoke endpoint, no regular token revocation, remove scopes from aud

* validate_jwt does not check if regular token is blacklisted

* authz check

* revert 400 to 200 for genwf s3 endpoint use case

* rename work order token => task token

* update openapi doc

* fix getting auth mapping

* fix: task token can only be used for the specific task

* clean up

* Add Caching of Blakclisted tokens, other small improvements.

* Update task_tokens.md

* Remove accidental commit of release notes.md

* Update secrets baseline

* Respond to PR comments.

* Update `can_user_get_task_token` implementation based on the PR comments.

* Clarifying comments and revert `/cdis/access_token`

* Respond to PR comments

* Add FIFO cache and bring back `EXP_ERR_TOLERANCE`

* Prevent audeince mismatch error.

* Update `is_task_token` functionality to be based on `claims["context"]["task_token_type"]`

* Include api key in test_revoke tests. Rename blacklist to denylist wherever needed.

* Replace `aud="gen3"` with a constant ;  separate larger unit tests

* Provide only default scopes for task token

* Add "user" scope to task tok... (continued)

8614 of 11423 relevant lines covered (75.41%)

0.75 hits per line

Coverage Regressions

Lines Coverage ∆ File
76
67.94
-0.12% blueprints/admin.py
40
75.13
0.0% blueprints/link.py
27
86.16
-0.88% auth.py
24
94.58
0.0% blueprints/data/indexd.py
23
78.03
2.01% blueprints/oauth2.py
18
45.45
0.0% oidc/endpoints.py
11
76.25
0.49% blueprints/storage_creds/api.py
7
83.61
22.18% jwt/validate.py
6
95.21
-0.5% jwt/token.py
5
91.07
6.29% jwt/blacklist.py
2
94.87
1.12% authz/auth.py
2
96.3
3.44% blueprints/storage_creds/__init__.py
2
80.0
12.35% resources/storage/cdis_jwt.py
Jobs
ID Job ID Ran Files Coverage
1 29038387428.1 09 Jul 2026 05:53PM UTC 122
75.41
GitHub Action Run
Source Files on build 29038387428
  • Tree
  • List 122
  • Changed 15
  • Source Changed 0
  • Coverage Changed 15
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Repo
  • Github Actions Build #29038387428
  • 92f06793 on github
  • Prev Build on 13.1.2 (#27377391925)
  • Next Build on master (#29050860005)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc