Skip to content

MIDRC-1285 Validate token audience#110

Open
paulineribeyre wants to merge 13 commits into
masterfrom
validate-aud
Open

MIDRC-1285 Validate token audience#110
paulineribeyre wants to merge 13 commits into
masterfrom
validate-aud

Conversation

@paulineribeyre

@paulineribeyre paulineribeyre commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Link to JIRA ticket if there is one: https://ctds-planx.atlassian.net/browse/MIDRC-1285

Reverts changes from #87, except the default audience is now "gen3"

New Features

Breaking Changes

Bug Fixes

Improvements

Dependency updates

Deployment changes

@paulineribeyre paulineribeyre mentioned this pull request Jun 9, 2026
Open
@github-actions

github-actions Bot commented Jun 9, 2026

Copy link
Copy Markdown

The style in this PR agrees with black. ✔️

This formatting comment was generated automatically by a script in uc-cdis/wool.

@coveralls

coveralls commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown

Coverage Report for CI Build 27558089821

Coverage increased (+0.2%) to 60.246%

Details

  • Coverage increased (+0.2%) from the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • 20 coverage regressions across 2 files.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

20 previously-covered lines in 2 files lost coverage.

File Lines Losing Coverage Coverage
authutils/token/core.py 10 80.36%
authutils/user.py 10 70.45%

Coverage Stats

Coverage Status
Relevant Lines: 488
Covered Lines: 294
Line Coverage: 60.25%
Coverage Strength: 0.6 hits per line
💛 - Coveralls

nss10
nss10 reviewed Jun 15, 2026
View reviewed changes
Comment thread src/authutils/token/validate.py Outdated
scopes, audience and purpose (all optional).

Args:
audience (Optional[str|set])

@nss10 nss10 Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

audience scope

@nss10 nss10 self-requested a review June 23, 2026 22:55
@nss10 nss10 marked this pull request as ready for review June 23, 2026 22:55
@nss10 nss10 requested a review from Avantol13 June 23, 2026 22:55
Avantol13
Avantol13 requested changes Jun 24, 2026
View reviewed changes

@Avantol13 Avantol13 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remember to add info to "Breaking Changes" in the PR description

Comment thread src/authutils/token/validate.py Outdated
scopes, audience and purpose (all optional).

Args:
audience (Optional[str|set])

@Avantol13 Avantol13 Jun 11, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

scope

Comment thread src/authutils/user.py

def set_current_user(**kwargs):
# If not already passed an aud to expect, default to the generic "gen3" aud
kwargs.setdefault("jwt_kwargs", {}).setdefault("audience", "gen3")

@Avantol13 Avantol13 Jun 24, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"gen3" is a configuration in Fence, so it should ideally be a configuration or passed in here as an arg. If someone changes it - we need to allow that value here. Alternatively, we could not put it in config in Fence and just hard-code it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avantol13 Avantol13 Avantol13 requested changes
@nss10 nss10 Awaiting requested review from nss10

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@paulineribeyre @coveralls @Avantol13 @nss10