mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-06-22 10:02:15 +00:00
1ad2164948
`TestAPIAuthWithAuthorizedIntegration` has [occasionally failed](https://codeberg.org/forgejo/forgejo/actions/runs/166572/jobs/8/attempt/1#jobstep-4-2101) in the integration test steps with the unexpected output `authorized integration: parse JWT error: token is unverifiable: error while executing keyfunc: no key identified`. This indicates that the authorized integration being tested was fully validated until the JWT signature, but the signature was not accessible from the JWKS remote, which is hosted within the integration test. This doesn't seem to make sense to me. This PR extends "no key identified" to indicate what key came from the JWT, and what keys were present in the JWKS file, so that I can see why they're not matching. This information could be generally useful in a 401 error when trying to understand authorized integration failures and doesn't pose a security risk as the keys are public information. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [ ] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12903 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|---|---|---|
| .. | ||
| access_token.go | ||
| action_runtime_token.go | ||
| action_runtime_token_test.go | ||
| action_task_token.go | ||
| additional_scopes_test.go | ||
| auth.go | ||
| auth_result_accesstoken.go | ||
| auth_result_actionstask.go | ||
| auth_result_authorized_integration.go | ||
| auth_result_basicpassword.go | ||
| auth_result_httpsign.go | ||
| auth_result_lfs_token.go | ||
| auth_result_oauth.go | ||
| auth_result_reverseproxy.go | ||
| auth_result_session.go | ||
| authorized_integration.go | ||
| authorized_integration_claims.go | ||
| authorized_integration_claims_test.go | ||
| authorized_integration_test.go | ||
| basic.go | ||
| group.go | ||
| httpsign.go | ||
| lfs_token.go | ||
| lfs_token_test.go | ||
| main_test.go | ||
| oauth2.go | ||
| reverseproxy.go | ||
| reverseproxy_test.go | ||
| session.go | ||
| signin.go | ||
| util.go | ||
| util_test.go | ||