1
69%
master: 69%

Ran 11 Sep 2025 02:44PM UTC

Files 161

Run time 5s

Badge

Embed ▾

Committed 11 Sep 2025 02:36PM UTC coverage: 67.943% (-0.8%) from 68.733%

Job # 17648046512.1

Build Type

push

github

Committed by

web-flow

Commit Message

feat(oauth2): add `/oauth/token` endpoint (#2159)

## Summary
This PR completes the OAuth2 server implementation by adding the
`/token` endpoint, enabling full OAuth2 authorization code flow &
refresh token support.

## Key Features Added:
### OAuth Token Endpoint (POST /oauth/token) supporting:
- `authorization_code` grant type for exchanging authorization codes for
access
- refresh_token grant type for token refresh
- Both JSON and form-encoded request bodies
- OAuth Client authentication via Basic auth or request body parameters
(form params and JSON body)

### Token Service Integration:
- Integrated OAuth server with the existing token service
- Added OAuth-specific authentication method
(`oauth_provider/authorization_code`)
- Enhanced token generation to include OAuth client context in JWT
claims.

## Database Changes:
- Added `oauth_client_id` field to `sessions` table for OAuth client
tracking. So an OAuth clients can use a refresh token only if the
session is issued for them. Similarly, a session issued to a client can
only be refreshed by that client (i.e user can't use
`/token?grant_type=refresh_token` endpoint with a refresh token obtained
through `/oauth/token` endpoint.)

## Next Steps
- Adding ratelimit for the `/token` endpoint
- Store token auth method for oauth clients in the database

Run Details

12630 of 18589 relevant lines covered (67.94%)

65.72 hits per line

supabase / auth / 17648046512 / 1
69%
master: 69%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 17648046512.1

supabase / auth / 17648046512 / 1 69% master: 69%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 17648046512.1

supabase / auth / 17648046512 / 1
69%
master: 69%

README BADGES
x