Fix /validate_token to use server-configured validation instance#472
Merged
leoschwarz merged 3 commits intomainfrom Apr 13, 2026
Merged
Fix /validate_token to use server-configured validation instance#472leoschwarz merged 3 commits intomainfrom
leoschwarz merged 3 commits intomainfrom
Conversation
The endpoint was using the client-provided BfabricInstanceDep as the base_url for token validation. It now uses the validate_token() helper which reads validation_bfabric_instance from server settings and also checks that the token's caller is in supported_bfabric_instances. Closes #415
Tests now mock validate_token instead of get_token_data_async, no longer pass bfabric_instance as a query param, and verify settings are passed. Added test for unsupported instance rejection.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #415
/validate_tokenendpoint was incorrectly using the client-providedBfabricInstanceDepas thebase_urlfor token validationvalidate_token()helper frombfabric.rest.token_data, which readsvalidation_bfabric_instancefrom server settingscalleris insupported_bfabric_instances