feat(auth): implement OIDC client methods (ADR-0028 Phase B.3) #74

Merged
arcodange merged 2 commits from vibe/batch6-task-oidc-client into main 2026-05-05 19:54:09 +02:00
Owner

Summary

ADR-0028 Phase B.3 — OIDC client implementation. Fills the 4 TODO methods of OIDCClient that PR #69 left as skeleton.

  • Discover(ctx) — fetch + cache .well-known
  • RefreshJWKS(ctx) — fetch JWKS, parse RSA public keys
  • ExchangeCode(ctx, code, codeVerifier, redirectURI) — POST token endpoint with PKCE
  • ValidateIDToken(ctx, idToken) — verify signature via JWKS, validate claims

Test plan

7 unit tests via httptest.NewServer mock provider — all green.

Authoring

Mostly Mistral Vibe (batch6, $3.51 / 46 steps). Trainer fixed 2 bugs that Mistral didn't catch (closure self-ref + req body POST). Pattern still demonstrates the multi-process orchestration is delivering substantial PRs autonomously.

arcodange added 2 commits 2026-05-05 19:54:01 +02:00
Implements the 4 OIDCClient methods that were TODO skeletons in PR #69:
- Discover(ctx) — fetch + cache .well-known/openid-configuration
- RefreshJWKS(ctx) — fetch JWKS, parse RSA public keys (n/e base64-url)
- ExchangeCode(ctx, code, codeVerifier, redirectURI) — POST token endpoint with PKCE
- ValidateIDToken(ctx, idToken) — verify signature via JWKS, validate claims

Plus 7 unit tests using httptest.NewServer to mock the OIDC provider:
TestDiscover_HappyPath, TestDiscover_Idempotent, TestRefreshJWKS_HappyPath,
TestExchangeCode_HappyPath, TestValidateIDToken_HappyPath,
TestValidateIDToken_RejectsExpired, TestValidateIDToken_RejectsWrongIssuer.

Mostly authored by Mistral Vibe (batch6, $3.51 / 46 steps), trainer-takeover
on 2 bugs:
- closure auto-reference bug (server := httptest.NewServer with closure
  body referencing server.URL — needs var server *httptest.Server then
  server = ...)
- ExchangeCode body wasn't being sent (req.PostForm = form is wrong;
  must pass strings.NewReader(form.Encode()) as the request body)
arcodange merged commit 9b4087b765 into main 2026-05-05 19:54:09 +02:00
arcodange deleted branch vibe/batch6-task-oidc-client 2026-05-05 19:54:09 +02:00
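The two bugs named in the commit message can be reproduced in a short test harness. This is an added example, not code from this PR: the function names `exchange` and `runDemo`, the `/token` path, and all form values are constructed for illustration. The mock endpoint echoes the `code_verifier` it received, so the buggy request shows up as an empty PKCE verifier at the provider.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// exchange POSTs an authorization-code grant with a PKCE code_verifier (constructed values).
// sendBody=false reproduces the bug (req.PostForm = form, nil body); true applies the fix.
func exchange(tokenURL string, sendBody bool) (string, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {"constructed-code"},
		"code_verifier": {"constructed-verifier"}, "redirect_uri": {"https://app.example/cb"}}
	var body io.Reader
	if sendBody {
		body = strings.NewReader(form.Encode())
	}
	req, err := http.NewRequest(http.MethodPost, tokenURL, body)
	if err != nil {
		return "", err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if !sendBody {
		req.PostForm = form // filled in by servers on parse; http.Client never transmits it
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	out, err := io.ReadAll(resp.Body)
	return string(out), err
}

// runDemo returns what a mock token endpoint saw for the buggy and the fixed request.
func runDemo() (buggy, fixed string) {
	var server *httptest.Server // declared before assignment so the closure can use server.URL
	server = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "iss=%s verifier=%q", server.URL, r.PostFormValue("code_verifier"))
	}))
	defer server.Close()
	buggy, _ = exchange(server.URL+"/token", false)
	fixed, _ = exchange(server.URL+"/token", true)
	return buggy, fixed
}
func main() { fmt.Println(runDemo()) }
```

A unit test that only checks the response status would pass in both cases; asserting on the form values the mock provider received is what catches the missing body.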

Reference: arcodange/dance-lessons-coach#74