Alan-Jowett / CoPilot-For-Consensus / 20361587338 / 11
78%
main: 78%

DEFAULT BRANCH: main
Ran
Files 2
Run time 23min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 66.109%. Remained the same
20361587338.11

push

github

web-flow 
Add Auth microservice for OIDC authentication with local JWT minting (#406)

* Initial plan

* Implement OIDC providers and JWT manager in copilot_auth adapter

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Create auth microservice with FastAPI endpoints and JWT support

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add auth service to docker-compose and create JWT middleware

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add authentication documentation and update main README

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Address security review feedback: remove keys from git, fix callback tampering, fix subject claim

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add comprehensive implementation summary for Auth microservice

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Security hardening and architectural improvements for auth service

This commit addresses multiple architectural and security concerns:

Architectural improvements:
- Move JWT middleware from auth service to copilot_auth adapter for reusability
- Simplify auth config to use TypedConfig directly (remove Pydantic wrapper)
- Delegate secret provider selection to factory pattern (copilot_secrets)
- Add backward-compatible re-export in auth/app/middleware.py

Security fixes:
- Fix JWKS cache to support key rotation (TTL: 3600s, periodic refresh)
- Fix userinfo endpoint circular trust (validate against configured audiences)
- Add session TTL (600s) and periodic cleanup (60s) to prevent memory leaks
- Enhance error handling with specific exception categories
- Rewrite web UI documentation to use secure patterns (httpOnly cookies)
- Remove insecure examples (localStorage, tokens in URLs)

Monitoring and observability:
- Add comprehensive metrics instrumentation (6 counters with labels)
- Track: l... (continued)

158 of 239 relevant lines covered (66.11%)

0.66 hits per line

Source Files on job orchestrator - 20361587338.11