authserver DCR hardening: Add grant_types and response_types allowlist validation #3425

Merged
jhrozek merged 1 commit into main from auth-proxy-pr-10-2-2-dcr-harden
Jan 23, 2026

Conversation


@jhrozek jhrozek commented Jan 23, 2026

Reject unsupported grant types and response types in DCR validation to prevent clients from requesting capabilities the server cannot fulfill (e.g. client_credentials, implicit token).
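
As an added illustration of the allowlist check described above (example code written here, not the project's own authserver code): a Go validator for an RFC 7591 dynamic client registration request that applies the spec's defaults for omitted `grant_types` and `response_types`, rejects anything outside the server's allowlist (so `client_credentials` and the implicit `token` response type fail with `invalid_client_metadata`), and refuses inconsistent pairings such as `refresh_token` without `authorization_code`. The `ClientMetadata` type, the function names and the sample request bodies are assumptions for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ClientMetadata holds the subset of RFC 7591 registration fields checked
// here. Type and field names are assumptions for this example, not the
// project's own types.
type ClientMetadata struct {
	ClientName    string   `json:"client_name"`
	RedirectURIs  []string `json:"redirect_uris"`
	GrantTypes    []string `json:"grant_types"`
	ResponseTypes []string `json:"response_types"`
}

// ErrInvalidClientMetadata maps to the RFC 7591 §3.2.2 error code that is
// returned to the registering client.
var ErrInvalidClientMetadata = errors.New("invalid_client_metadata")

// Allowlists of what this server can actually issue. client_credentials
// and the implicit "token" response type are deliberately absent.
var (
	allowedGrantTypes    = map[string]bool{"authorization_code": true, "refresh_token": true}
	allowedResponseTypes = map[string]bool{"code": true}
)

func contains(list []string, want string) bool {
	for _, v := range list {
		if v == want {
			return true
		}
	}
	return false
}

// ValidateCapabilities applies the RFC 7591 defaults for omitted fields,
// then rejects any grant_type or response_type outside the allowlist and
// any pairing the spec does not allow. The normalised metadata is returned
// so the defaults are stored explicitly rather than re-derived later.
func ValidateCapabilities(m ClientMetadata) (ClientMetadata, error) {
	if len(m.GrantTypes) == 0 {
		m.GrantTypes = []string{"authorization_code"}
	}
	if len(m.ResponseTypes) == 0 {
		m.ResponseTypes = []string{"code"}
	}
	for _, gt := range m.GrantTypes {
		if !allowedGrantTypes[gt] {
			return m, fmt.Errorf("%w: unsupported grant_type %q", ErrInvalidClientMetadata, gt)
		}
	}
	for _, rt := range m.ResponseTypes {
		if !allowedResponseTypes[rt] {
			return m, fmt.Errorf("%w: unsupported response_type %q", ErrInvalidClientMetadata, rt)
		}
	}
	// RFC 7591 §2 pairs the "code" response type with the authorization_code
	// grant; reject metadata that lists one without the other.
	if contains(m.ResponseTypes, "code") != contains(m.GrantTypes, "authorization_code") {
		return m, fmt.Errorf("%w: response_types and grant_types are inconsistent", ErrInvalidClientMetadata)
	}
	return m, nil
}

// ValidateRegistrationBody parses a DCR request body and validates it.
// Unknown metadata fields are ignored, as RFC 7591 §2 requires.
func ValidateRegistrationBody(body []byte) (ClientMetadata, error) {
	var m ClientMetadata
	if err := json.Unmarshal(body, &m); err != nil {
		return m, fmt.Errorf("%w: %v", ErrInvalidClientMetadata, err)
	}
	return ValidateCapabilities(m)
}

func main() {
	// Constructed sample requests for the demo, not captured traffic.
	samples := []string{
		`{"client_name":"cli","redirect_uris":["http://127.0.0.1:8765/cb"]}`,
		`{"client_name":"svc","redirect_uris":[],"grant_types":["client_credentials"]}`,
		`{"client_name":"spa","redirect_uris":["https://app.example/cb"],"response_types":["token"]}`,
	}
	for _, s := range samples {
		m, err := ValidateRegistrationBody([]byte(s))
		if err != nil {
			fmt.Printf("rejected %s: %v\n", m.ClientName, err)
			continue
		}
		fmt.Printf("accepted %s: grant_types=%v response_types=%v\n", m.ClientName, m.GrantTypes, m.ResponseTypes)
	}
}
```

Returning the normalised metadata matters for the defence: if the server only rejects bad values but leaves omitted fields empty, a later code path may fill in a different default than the one that was validated. Wrapping every failure in `ErrInvalidClientMetadata` lets the HTTP handler map it to the spec's error response without leaking which allowlist entry tripped.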

@github-actions github-actions bot added the size/XS Extra small PR: < 100 lines changed label Jan 23, 2026
@jhrozek jhrozek requested a review from tgrunnagle January 23, 2026 14:11

codecov bot commented Jan 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.83%. Comparing base (a7cde8a) to head (6ffcab7).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3425      +/-   ##
==========================================
- Coverage   64.87%   64.83%   -0.05%     
==========================================
  Files         383      383              
  Lines       37256    37278      +22     
==========================================
- Hits        24171    24170       -1     
- Misses      11200    11224      +24     
+ Partials     1885     1884       -1     

@jhrozek jhrozek force-pushed the auth-proxy-pr-10-2-2-dcr-harden branch from 94fba8e to 0986bf8 Compare January 23, 2026 14:29
@jhrozek jhrozek force-pushed the auth-proxy-pr-10-2-2-dcr-harden branch from 0986bf8 to 6ffcab7 Compare January 23, 2026 14:48
@github-actions github-actions bot added size/S Small PR: 100-299 lines changed and removed size/XS Extra small PR: < 100 lines changed labels Jan 23, 2026
@jhrozek jhrozek merged commit 5429aa0 into main Jan 23, 2026
35 checks passed
@jhrozek jhrozek deleted the auth-proxy-pr-10-2-2-dcr-harden branch January 23, 2026 15:56