Skip to content

Test unreachable JWKS URIs#1099

Merged
jviotti merged 1 commit into
mainfrom
unreachable-tes
Jul 2, 2026
Merged

Test unreachable JWKS URIs#1099
jviotti merged 1 commit into
mainfrom
unreachable-tes

Conversation

@jviotti

@jviotti jviotti commented Jul 2, 2026

Copy link
Copy Markdown
Member

Signed-off-by: Juan Cruz Viotti jv@jviotti.com

Review in cubic

Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

Re-trigger cubic

@augmentcode

augmentcode Bot commented Jul 2, 2026

Copy link
Copy Markdown
🤖 Augment PR Summary

Summary: This PR extends the auth-path enterprise E2E suite to cover JWT policies whose OIDC discovery/JWKS endpoints are unreachable.

Changes:

  • Added an unreachable JWT authentication policy that omits jwksUri to force issuer discovery.
  • Added an unreachable schema content root and a minimal record.json schema under it.
  • Extended jwt.all.hurl with a new scenario asserting that discovery failure results in a 401 problem response that still validates against the error schema.

Technical Notes: The new scenario exercises the server’s fail-closed behavior when issuer discovery cannot be performed.

🤖 Was this summary useful? React with 👍 or 👎

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. 1 suggestion posted.

Fix All in Augment

Comment augment review to trigger a new review at any time.

"type": "jwt",
"name": "unreachable",
"paths": [ "/unreachable" ],
"issuer": "https://unreachable.example.invalid",

@augmentcode augmentcode Bot Jul 2, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This issuer is intentionally unreachable, but it will still trigger a real OIDC discovery HTTP fetch on the first request to /unreachable (and discovery failures aren’t cached), so this can add up to the full JWKS fetcher timeout per request and potentially slow/flake the e2e run.

Severity: low

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Benchmark Index (community)

Details
Benchmark suite Current: 4d0651b Previous: 0d9e3be Ratio
Add one schema (0 existing) 435 ms 361 ms 1.20
Add one schema (100 existing) 32 ms 23 ms 1.39
Add one schema (1000 existing) 92 ms 71 ms 1.30
Add one schema (10000 existing) 826 ms 592 ms 1.40
Update one schema (1 existing) 25 ms 17 ms 1.47
Update one schema (101 existing) 32 ms 26 ms 1.23
Update one schema (1001 existing) 93 ms 73 ms 1.27
Update one schema (10001 existing) 802 ms 605 ms 1.33
Cached rebuild (1 existing) 8 ms 4 ms 2
Cached rebuild (101 existing) 10 ms 6 ms 1.67
Cached rebuild (1001 existing) 33 ms 19 ms 1.74
Cached rebuild (10001 existing) 299 ms 168 ms 1.78
Index 100 schemas 699 ms 630 ms 1.11
Index 1000 schemas 1661 ms 1369 ms 1.21
Index 10000 schemas 13946 ms 12029 ms 1.16
Index 10000 schemas (custom meta-schema) 16827 ms 14432 ms 1.17
Index 10000 schemas ($ref fan-out) 17434 ms 14404 ms 1.21

This comment was automatically generated by workflow using github-action-benchmark.

@jviotti jviotti merged commit 1554404 into main Jul 2, 2026
5 checks passed
@jviotti jviotti deleted the unreachable-tes branch July 2, 2026 18:16

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Benchmark Index (enterprise)

Details
Benchmark suite Current: 4d0651b Previous: 0d9e3be Ratio
Add one schema (0 existing) 527 ms 534 ms 0.99
Add one schema (100 existing) 106 ms 105 ms 1.01
Add one schema (1000 existing) 159 ms 156 ms 1.02
Add one schema (10000 existing) 743 ms 760 ms 0.98
Update one schema (1 existing) 98 ms 98 ms 1
Update one schema (101 existing) 103 ms 102 ms 1.01
Update one schema (1001 existing) 157 ms 155 ms 1.01
Update one schema (10001 existing) 745 ms 788 ms 0.95
Cached rebuild (1 existing) 8 ms 8 ms 1
Cached rebuild (101 existing) 10 ms 10 ms 1
Cached rebuild (1001 existing) 31 ms 31 ms 1
Cached rebuild (10001 existing) 256 ms 264 ms 0.97
Index 100 schemas 640 ms 780 ms 0.82
Index 1000 schemas 1759 ms 1740 ms 1.01
Index 10000 schemas 14337 ms 14938 ms 0.96
Index 10000 schemas (custom meta-schema) 17358 ms 17206 ms 1.01
Index 10000 schemas ($ref fan-out) 17723 ms 17331 ms 1.02

This comment was automatically generated by workflow using github-action-benchmark.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant