shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 04:58:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7b06fc77ae4bf5a9a52c3e750ec580dcb8e2437f
coder/coderd/httpmw
T
History
Thomas Kosiewski 071383bbe8 feat: add RFC 9728 OAuth2 resource metadata support (#18920) 
# Enhanced OAuth2 and MCP Compliance for API Authentication

This PR improves OAuth2 and MCP (Microsoft Cloud for Sovereignty)
compliance by:

1. Adding RFC 9728 compliant `WWW-Authenticate` headers with resource
metadata URLs
2. Passing the configured `AccessURL` to API key middleware for proper
audience validation
3. Creating specialized CORS handling for OAuth2 and MCP endpoints with
appropriate headers
4. Making the `state` parameter optional in OAuth2 authorization
requests

These changes ensure proper OAuth2 token audience validation against the
configured access URL and improve interoperability with OAuth2 clients
by providing better error responses and metadata discovery.

Signed-off-by: Thomas Kosiewski <tk@coder.com>
2025-07-19 22:05:15 +02:00
..
loggermw
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
patternmatcher
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
actor_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
actor.go
feat: implement provisioner auth middleware and proper org params (#12330)
2024-03-04 15:15:41 -06:00
apikey_test.go
chore: ensure proper rbac permissions on 'Acquire' file in the cache (#18348)
2025-06-16 13:40:45 +00:00
apikey.go
feat: add RFC 9728 OAuth2 resource metadata support (#18920)
2025-07-19 22:05:15 +02:00
authorize_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
authz_test.go
fix: exit reset password request before passwords are compared (#13856)
2024-07-09 14:28:39 -05:00
authz.go
chore: avoid depending on rbac in slim builds (#17959)
2025-05-22 19:48:23 +10:00
clitelemetry.go
refactor(coderd/telemetry): move CLI telemetry to cli/telemetry (#9517)
2023-09-04 21:42:45 +03:00
cors_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
cors.go
feat: add RFC 9728 OAuth2 resource metadata support (#18920)
2025-07-19 22:05:15 +02:00
csp_test.go
feat: add RFC 9728 OAuth2 resource metadata support (#18920)
2025-07-19 22:05:15 +02:00
csp.go
chore: remove ai tasks from experiment (#18511)
2025-06-24 16:24:01 +02:00
csrf_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
csrf.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
experiments.go
feat: add MCP HTTP server experiment and improve experiment middleware (#18712)
2025-07-03 20:09:18 +02:00
externalauthparam_test.go
chore: move /gitauth to /externalauth on the frontend (#9954)
2023-09-30 14:30:01 -05:00
externalauthparam.go
chore: move /gitauth to /externalauth on the frontend (#9954)
2023-09-30 14:30:01 -05:00
groupparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
groupparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
hsts_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
hsts.go
chore: enable exhaustruct linter (#8403)
2023-07-11 14:30:33 +01:00
httpmw_internal_test.go
feat: add RFC 9728 OAuth2 resource metadata support (#18920)
2025-07-19 22:05:15 +02:00
httpmw.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
notificationtemplateparam.go
feat: add notification preferences database & audit support (#14100)
2024-08-05 16:18:45 +02:00
oauth2_test.go
chore: add custom samesite options to auth cookies (#16885)
2025-04-08 14:15:14 -05:00
oauth2.go
fix: return 404 instead of 401 for missing OAuth2 apps (#18755)
2025-07-07 19:57:32 +02:00
organizationparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
organizationparam.go
feat: allow TemplateAdmin to delete prebuilds via auth layer (#18333)
2025-06-20 17:36:32 +01:00
prometheus_test.go
chore: add missing prometheus tests for UNKNOWN/STATIC paths (#17446)
2025-04-17 13:50:18 +02:00
prometheus.go
feat: add path & method labels to prometheus metrics for current requests (#17362)
2025-04-16 11:10:39 +02:00
provisionerdaemon.go
chore: improve testing coverage on ExtractProvisionerDaemonAuthenticated middleware (#15622)
2024-11-26 04:02:20 +01:00
provisionerkey.go
chore: add provisioner key crud apis (#13857)
2024-07-16 13:27:12 -04:00
ratelimit_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
ratelimit.go
chore: ensure proper rbac permissions on 'Acquire' file in the cache (#18348)
2025-06-16 13:40:45 +00:00
realip_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
realip.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
recover_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
recover.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
requestid_test.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
requestid.go
feat: add request_id to HTTP trace spans (#10145)
2023-10-09 14:05:10 -05:00
rfc6750_extended_test.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
rfc6750_test.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
templateparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
templateparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
templateversionparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
templateversionparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
userparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
userparam.go
feat: remove site wide perms from creating a workspace (#17296)
2025-04-09 14:35:43 -05:00
workspaceagent_test.go
chore: join owner, template, and org in new workspace view (#15116)
2024-10-22 09:20:54 -05:00
workspaceagent.go
feat: add API key scope to restrict access to user data (#17692)
2025-05-15 15:32:52 +01:00
workspaceagentparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceagentparam.go
feat: extend request logs with auth & DB info (#17304)
2025-04-15 13:27:23 +02:00
workspacebuildparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspacebuildparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
workspaceparam_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
workspaceparam.go
feat: extend request logs with auth & DB info (#17304)
2025-04-15 13:27:23 +02:00
workspaceproxy_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceproxy.go
ci: bump the github-actions group with 4 updates (#15359)
2024-11-05 19:43:41 +11:00
workspaceresourceparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceresourceparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00