Accept resolved Vertex OAuth bearer secrets and WIF auth_types#660
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Erin McNulty (erin2722)
changed the title
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3a0e2722d3
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "Codex (@codex) review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "Codex (@codex) address that feedback".
| authType: z.enum([ | ||
| "access_token", | ||
| "oauth_bearer", | ||
| "service_account_key", | ||
| "workload_identity_federation", | ||
| ]), |
There was a problem hiding this comment.
Allowing "oauth_bearer" and "workload_identity_federation" here introduces a runtime failure path: these secrets now pass schema validation, but request handling still only treats authType === "access_token" as a bearer token and otherwise calls getGoogleAccessToken (which parses secret as a service-account JSON key). For resolved OAuth/WIF secrets (for example a raw access token or __VERTEX_WIF__ placeholder), this causes parse errors during request execution instead of a valid auth flow.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
support for these auth types aren't implemented in the legacy proxy, and so this comment isn't relevant
|
erin todo: pull out the secret config into its own schema |
|
failure unrelated, merging |
2 participants
No description provided.