feat(oidc): add post route for /userinfo

[scottmckendry]

easy one-liner to pass oidcc-userinfo-post-header test in conformance suite.

Before:

After:

Summary by CodeRabbit

• New Features
  • The OIDC userinfo endpoint now accepts POST requests in addition to GET, improving compatibility with clients that use POST.
  • POST-based userinfo requests will be handled without enforcing the usual session/basic-auth middleware, ensuring smoother exchange for supported client workflows.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 485c3e2f-5942-41f4-94be-cbeb5f092224

📥 Commits

Reviewing files that changed from the base of the PR and between 92d9491 and 5aab740.

📒 Files selected for processing (2)

• internal/controller/oidc_controller.go
• internal/middleware/context_middleware.go

✅ Files skipped from review due to trivial changes (1)

• internal/middleware/context_middleware.go

🚧 Files skipped from review as they are similar to previous changes (1)

• internal/controller/oidc_controller.go

---

📝 Walkthrough

Walkthrough

Added a POST route for /oidc/userinfo in the OIDC controller and updated context middleware to skip session/basic-auth for POST /api/oidc/userinfo, allowing that POST path to bypass the middleware and reach handlers directly.

Changes

Cohort / File(s)	Summary
OIDC Route Addition internal/controller/oidc_controller.go	Registered a new POST /oidc/userinfo route mapped to the existing Userinfo handler (in addition to existing GET).
Middleware Skip Path internal/middleware/context_middleware.go	Added POST /api/oidc/userinfo to contextSkipPathsPrefix, causing the ContextMiddleware to call c.Next() for that method+path (bypasses session/basic-auth logic).

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Router
    participant ContextMiddleware
    participant Controller as UserinfoHandler

    Client->>Router: POST /api/oidc/userinfo
    Router->>ContextMiddleware: dispatch request
    ContextMiddleware-->>Router: c.Next() (path in skip list)
    Router->>UserinfoHandler: invoke Userinfo
    UserinfoHandler-->>Client: 200 / userinfo response

Loading

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• refactor: use better ignore paths in context middleware #743 — Refactors and expands the middleware ignore-path logic; touches the same ignore-list behavior adjusted here.

Poem

🐰 A quick hop, a route in spring,
POST and GET now dance and sing.
One middleware nod, it steps aside,
So Userinfo greets the POST with pride. 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title directly and accurately summarizes the main change: adding a POST route for the /userinfo endpoint in the OIDC controller.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 19.14%. Comparing base (165197e) to head (5aab740).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #767      +/-   ##
==========================================
+ Coverage   19.12%   19.14%   +0.02%     
==========================================
  Files          50       50              
  Lines        3917     3918       +1     
==========================================
+ Hits          749      750       +1     
  Misses       3095     3095              
  Partials       73       73              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@internal/controller/oidc_controller.go`:
- Line 73: The POST route oidcGroup.POST("/userinfo", controller.Userinfo) is
not covered by the skip list in the context middleware, so add a matching skip
entry for the POST method and path "/api/oidc/userinfo" in the middleware's skip
configuration (the skip list handling in context_middleware.go that currently
only contains "GET /api/oidc/userinfo"), ensuring the middleware treats POST
/api/oidc/userinfo the same as the GET entry so controller.Userinfo is reached
without being blocked.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 985d55d4-2923-433f-a1fa-076bb2bc8d09

📥 Commits

Reviewing files that changed from the base of the PR and between 165197e and 92d9491.

📒 Files selected for processing (1)

• internal/controller/oidc_controller.go

[scottmckendry]

correction: this is now two lines instead of one...