docs(api-clients): add OAuth authentication examples for all SDK languages #245
Open
steve-calvert-glean wants to merge 3 commits into main from
…uages
Add comprehensive OAuth authentication documentation to all four API client libraries (Go, Java, Python, TypeScript). Each includes:
- Prerequisites and admin configuration links
- Required headers table (Authorization, X-Glean-Auth-Type)
- Complete authorization code flow example using idiomatic libraries
- Token refresh tips for production use
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Address PR review feedback:
- TypeScript: Add PKCE (code_challenge, code_verifier) and state
verification using openid-client v6 correct API
- Java: Fix Spring Security YAML structure with proper named
registration/provider ("glean") and authorization-grant-type
- Go: Add cryptographic state generation and validation to prevent
CSRF attacks (was using hardcoded "state")
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
| ClientID: os.Getenv("OAUTH_CLIENT_ID"), | ||
| ClientSecret: os.Getenv("OAUTH_CLIENT_SECRET"), | ||
| RedirectURL: "http://localhost:8080/callback", | ||
| Scopes: []string{"openid", "email"}, |
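Review bot: RedirectURL is hardcoded to "http://localhost:8080/callback" while ClientID and ClientSecret are read from the environment, so a reader who copies this config carries a plain-HTTP localhost redirect into whatever they deploy. Suggest reading it from an environment variable as well, or adding a comment that this value is for local development and must match the redirect URI registered for the client. The two os.Getenv calls also return an empty string silently when a variable is unset; a check at startup would make that failure obvious.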
Member
3/5 (strong opinion: non-blocking)
This should include offline_access to showcase getting a refresh token
Comment on lines 348 to 362
| func handleLogin(w http.ResponseWriter, r *http.Request) { | ||
| state, err := generateState() | ||
| if err != nil { | ||
| http.Error(w, "Failed to generate state", http.StatusInternalServerError) | ||
| return | ||
| } | ||
|
|
||
| // Store state for CSRF validation | ||
| stateMu.Lock() | ||
| stateStore[state] = true | ||
| stateMu.Unlock() | ||
|
|
||
| url := oauthConfig.AuthCodeURL(state) | ||
| http.Redirect(w, r, url, http.StatusTemporaryRedirect) | ||
| } |
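Review bot: In handleLogin, stateStore[state] = true records the value in a process-wide map with no link to the browser that started the login and no expiry visible here, so entries from abandoned logins accumulate and a later lookup can only confirm that the state exists, not that it belongs to this user. Suggest tying the value to a per-browser cookie or session and deleting it when it is consumed. oauthConfig.AuthCodeURL(state) is also called with no extra options, so no PKCE code_challenge is sent on the authorization request.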
Member
4/5 (serious issue: blocking)
Have we validated this code works? We're OAuth 2.1 so state is optional and not even recommended but PKCE is required.
That we're generating a state suggests we might not be generating a PKCE challenge.
- Go: Use correct Search.Query() with components.SearchRequest, add PKCE with oauth2.GenerateVerifier/S256ChallengeOption/VerifierOption
- Java: Add Spring Security PKCE config, use correct search().query() API
- Python: Add PKCE via code_challenge_method='S256', use models.SearchRequest
- TypeScript: Use correct search.query() API (not search.search())
All examples now use real SDK APIs verified from GitHub READMEs and include proper PKCE implementation for secure OAuth flows.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Summary
Test plan
pnpm build
🤖 Generated with Claude Code