• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

uc-cdis / fence / 29038387428 / 1
75%
master: 75%

Build:
DEFAULT BRANCH: master
Ran 09 Jul 2026 05:53PM UTC
Files 122
Run time 4s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

09 Jul 2026 05:48PM UTC coverage: 75.409% (+0.3%) from 75.073%
29038387428.1

push

github

web-flow
MIDRC-1285 MIDRC-1291 Task tokens + Access token denylist + Validate aud (#1356)

* validate audience = 'gen3'

* fix client_id in audience

* generate access token with additional aud

* add custom exp

* update authutils

* force adding TES aud to token from API key

* fix

* query param instead of body

* fix for old API keys and tokens

* do not force add work_order param

* comment

* clean up

* fix revoke invalid token logic

* client can revoke access token

* add token revocation and check status endpoints

* update swagger doc

* update comments

* simplify /token/blacklisted endpoint

* add log

* fix unit tests

* unit tests

* more expiration checks

* add authz check

* fix test

* latest commit of authutils branch

* fix to accept gen3-workflow s3 endpoint auth header

* handle blacklisted expired token

* fix typo

* remove custom revoke endpoint, no regular token revocation, remove scopes from aud

* validate_jwt does not check if regular token is blacklisted

* authz check

* revert 400 to 200 for genwf s3 endpoint use case

* rename work order token => task token

* update openapi doc

* fix getting auth mapping

* fix: task token can only be used for the specific task

* clean up

* Add Caching of Blakclisted tokens, other small improvements.

* Update task_tokens.md

* Remove accidental commit of release notes.md

* Update secrets baseline

* Respond to PR comments.

* Update `can_user_get_task_token` implementation based on the PR comments.

* Clarifying comments and revert `/cdis/access_token`

* Respond to PR comments

* Add FIFO cache and bring back `EXP_ERR_TOLERANCE`

* Prevent audeince mismatch error.

* Update `is_task_token` functionality to be based on `claims["context"]["task_token_type"]`

* Include api key in test_revoke tests. Rename blacklist to denylist wherever needed.

* Replace `aud="gen3"` with a constant ;  separate larger unit tests

* Provide only default scopes for task token

* Add "user" scope to task tok... (continued)

8614 of 11423 relevant lines covered (75.41%)

0.75 hits per line

Source Files on job 29038387428.1
  • Tree
  • List 122
  • Changed 15
  • Source Changed 0
  • Coverage Changed 15
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Build 29038387428
  • 92f06793 on github
  • Prev Job for on master (#27377391925.1)
  • Next Job for on master (#29050860005.1)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc