feat: add authorization server metadata endpoint and PKCE support #18548

Draft
ThomasK33 wants to merge 1 commit into main
base:main
from thomask33/06-24-feat_oauth2_add_authorization_server_metadata_endpoint_and_pkce_support
162 changes: 158 additions & 4 deletionsCLAUDE.md
Expand Up@@ -2,6 +2,22 @@

Read[cursor rules](.cursorrules).

##Quick Start Checklist for New Features

###Before Starting

-[ ] Run`git pull` to ensure you're on latest code
-[ ] Check if feature touches database - you'll need migrations
-[ ] Check if feature touches audit logs - update`enterprise/audit/table.go`

##Development Server

###Starting Development Mode

- Use`./scripts/develop.sh` to start Coder in development mode
- This automatically builds and runs with`--dev` flag and proper access URL
- Do NOT manually run`make build && ./coder server --dev` - use the script instead

##Build/Test/Lint Commands

###Main Commands
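Review bot: the two "Check if feature touches …" checklist items restate guidance that this same patch expands under "Database Work" (Migration Guidelines, Audit table updates, Database Generation Process); point the checklist at those sections instead of duplicating the instruction, so the short and long forms do not drift apart. In the "Development Server" bullets it is also worth saying explicitly that `./scripts/develop.sh` and its `--dev` flag are for local development only, since this section now documents it as the standard way to run the server.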
Expand DownExpand Up@@ -34,6 +50,7 @@ Read [cursor rules](.cursorrules).
- Use`gofumpt` for formatting
- Create packages when used during implementation
- Validate abstractions against implementations
-**Test packages**: Use`package_test` naming (e.g.,`identityprovider_test`) for black-box testing

###Error Handling

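Review bot: the rule text says `package_test` literally while the example `identityprovider_test` shows the intended pattern; write the convention as `<package>_test` (a black-box test package named after the package under test) so a reader does not take `package_test` as the name to use. The Troubleshooting item `"package should be X_test"` added later in this patch already uses the `X_test` form, so the two should match.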
Expand DownExpand Up@@ -63,11 +80,45 @@ Read [cursor rules](.cursorrules).
- Keep message titles concise (~70 characters)
- Use imperative, present tense in commit titles

##Database queries
##Database Work

###Migration Guidelines

1.**Create migration files**:
- Location:`coderd/database/migrations/`
- Format:`{number}_{description}.{up|down}.sql`
- Number must be unique and sequential
- Always include both up and down migrations

2.**Update database queries**:
- MUST DO! Any changes to database - adding queries, modifying queries should be done in the`coderd/database/queries/*.sql` files
- MUST DO! Queries are grouped in files relating to context - e.g.`prebuilds.sql`,`users.sql`,`oauth2.sql`
- After making changes to any`coderd/database/queries/*.sql` files you must run`make gen` to generate respective ORM changes

3.**Handle nullable fields**:
- Use`sql.NullString`,`sql.NullBool`, etc. for optional database fields
- Set`.Valid = true` when providing values
- Example:

```go
CodeChallenge: sql.NullString{
String: params.codeChallenge,
Valid: params.codeChallenge !="",
}
```

- MUST DO! Any changes to database - adding queries, modifying queries should be done in the`coderd\database\queries\*.sql` files. Use`make gen` to generate necessary changes after.
- MUST DO! Queries are grouped in files relating to context - e.g.`prebuilds.sql`,`users.sql`,`provisionerjobs.sql`.
- After making changes to any`coderd\database\queries\*.sql` files you must run`make gen` to generate respective ORM changes.
4. **Audit table updates**:
-If adding fields to auditable types, update`enterprise/audit/table.go`
-Add each new field with appropriateaction (ActionTrack,ActionIgnore,ActionSecret)
-Run`make gen` to verify no audit errors

###DatabaseGenerationProcess

1.ModifySQL files in`coderd/database/queries/`
2.Run`make gen`
3.If errors about audit table, update`enterprise/audit/table.go`
4.Run`make gen` again
5.Run`make lint` to catch any remaining issues

##Architecture

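Review bot: the `sql.NullString` example stores only `CodeChallenge`, but the PKCE bullets added later in this patch say to use the S256 method and to validate `code_verifier` against the stored `code_challenge`; that validation needs the `code_challenge_method` recorded alongside the challenge (or the doc should state that only S256 is accepted and stored), so the migration guidance should name both fields. Replacing the backslash paths `coderd\database\queries\*.sql` with forward slashes and dropping the now-duplicated "MUST DO!" lines is correct; note that the grouping example changed from `provisionerjobs.sql` to `oauth2.sql`, which is fine but worth keeping consistent with the file list elsewhere in the doc.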
Expand All@@ -78,6 +129,14 @@ Read [cursor rules](.cursorrules).
- **Agents**:Services in remote workspaces providing features likeSSH and port forwarding
- **Workspaces**:Cloud resources defined byTerraform

###AddingNewAPIEndpoints

1. **Define types** in`codersdk/`package
2. **Add handler** in appropriate`coderd/` file
3. **Register route** in`coderd/coderd.go`
4. **Add tests** in`coderd/*_test.go` files
5. **UpdateOpenAPI** by running`make gen`

##Sub-modules

###TemplateSystem
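Review bot: the five steps for a new endpoint cover types, handler, route, tests and OpenAPI but say nothing about the authorization check the handler must perform before the route is registered in `coderd/coderd.go`; since this patch already makes audit-table updates a required step under "Database Work", add an equivalent required step here (which actor may call the route, and a negative test for an unauthorized caller under "Add tests"), so access control is not the one item left to memory.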
Expand All@@ -104,3 +163,98 @@ Read [cursor rules](.cursorrules).
The frontend is contained in the site folder.

For buildingFrontend refer to [this document](docs/about/contributing/frontend.md)

##CommonPatterns

###OAuth2/AuthenticationWork

-Typesgo in`codersdk/oauth2.go` or similar
-Handlersgo in`coderd/oauth2.go` or`coderd/identityprovider/`
-Database fields need migration + audit table updates
-Always support backward compatibility

##OAuth2Development

###OAuth2ProviderImplementation

When working onOAuth2 provider features:

1. **OAuth2SpecCompliance**:
-FollowRFC6749for token responses
-Use`expires_in` (seconds) not`expiry` (timestamp) in token responses
-Return properOAuth2error format:`{"error": "code", "error_description": "details"}`

2. **ErrorResponseFormat**:
-CreateOAuth2-complianterror responsesfor token endpoint
-Use standarderror codes:`invalid_client`,`invalid_grant`,`invalid_request`
-Avoid genericerror responsesforOAuth2 endpoints

3. **TestingOAuth2Features**:
-Use scripts in`./scripts/oauth2/`for testing
-Run`./scripts/oauth2/test-mcp-oauth2.sh`for comprehensive tests
-Manual testing: use`./scripts/oauth2/test-manual-flow.sh`

4. **PKCEImplementation**:
-Support both with and withoutPKCEfor backward compatibility
-UseS256 methodfor code challenge
-Properly validate code_verifier against stored code_challenge

5. **UIAuthorizationFlow**:
-UsePOST requestsfor consent, notGET with links
-Avoid dependency on referer headersfor security decisions
-Support proper state parameter validation

###OAuth2ErrorHandlingPattern

```go
// Define specific OAuth2 errors
var (
errInvalidPKCE = xerrors.New("invalid code_verifier")
)
// Use OAuth2-compliant error responses
type OAuth2Error struct {
Error string`json:"error"`
ErrorDescription string`json:"error_description,omitempty"`
}
// Return proper OAuth2 errors
if errors.Is(err, errInvalidPKCE) {
writeOAuth2Error(ctx, rw, http.StatusBadRequest, "invalid_grant", "The PKCE code verifier is invalid")
return
}
```

###TestingPatterns

-Use table-driven testsfor comprehensive coverage
-Mock external dependencies
-Test both positive and negative cases
-Use`testutil.WaitLong`for timeouts in tests

##TestingScripts

###OAuth2TestScripts

Located in`./scripts/oauth2/`:

-`test-mcp-oauth2.sh` -Full automated test suite
-`setup-test-app.sh` -Create testOAuth2 app
-`cleanup-test-app.sh` -Remove test app
-`generate-pkce.sh` -GeneratePKCE parameters
-`test-manual-flow.sh` -Manual browser testing

Always run the full test suite afterOAuth2 changes:

```bash
./scripts/oauth2/test-mcp-oauth2.sh
```

##Troubleshooting

###CommonIssues

1. **"Audit table entry missing action"** -Update`enterprise/audit/table.go`
2. **"package should be X_test"** -Use`package_test` namingfor test files
3. **SQLtype errors** -Use`sql.Null*` typesfor nullable fields
4. **Missing newlines** -Ensure files end with newline character
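Review bot: the "PKCE Implementation" bullets do not say what the token endpoint does in the mixed cases, and the doc should, because "Support both with and without PKCE" is easy to read as "verifier optional": a code issued with a stored `code_challenge` must be rejected with `invalid_grant` when the token request carries no `code_verifier` (the mapping the `errInvalidPKCE` snippet under "OAuth2 Error Handling Pattern" already uses), and the S256 check should compare base64url(SHA-256(code_verifier)) against the stored challenge with a constant-time comparison. Under "UI Authorization Flow", "proper state parameter validation" is left undefined; state that the `state` value is bound to the user's session and compared on return, not merely echoed back, so the bullet is actionable.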
128 changes: 125 additions & 3 deletionscoderd/apidoc/docs.go