hzhang/Dialectic.Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7b2f2fae3085bdb05373448a1b8f43a0ce92d8ff
Dialectic.Backend/internal/httpapi
History
hzhang 7b2f2fae30 Accept Tessera (Keycloak-compatible) OIDC tokens as API bearer 
Adds an additive bearer-verification path: verify RS256 access tokens against
Tessera's JWKS (iss/aud/exp), map sub/preferred_username/email + roles
(realm_access.roles, resource_access.<audience>.roles) to the app's identity.
Existing auth (API keys / app JWTs / sessions) is unchanged. Issuer + audience
are env-configurable. Validated end-to-end against the local sim.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-02 15:11:30 +01:00
..
handlers
fix(oidc): clamp post_login_redirect to CORS allow-list (open-redirect)
2026-05-24 10:03:53 +01:00
routes.go
Accept Tessera (Keycloak-compatible) OIDC tokens as API bearer
2026-06-02 15:11:30 +01:00