synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
coder/coderd/httpmw
History
Thomas Kosiewski 09c50559f3 feat: implement RFC 6750 Bearer token authentication (#18644) 
# Add RFC 6750 Bearer Token Authentication Support

This PR implements RFC 6750 Bearer Token authentication as an additional authentication method for Coder's API. This allows clients to authenticate using standard OAuth 2.0 Bearer tokens in two ways:

1. Using the `Authorization: Bearer <token>` header
2. Using the `access_token` query parameter

Key changes:

- Added support for extracting tokens from both Bearer headers and access_token query parameters
- Implemented proper WWW-Authenticate headers for 401/403 responses with appropriate error descriptions
- Added comprehensive test coverage for the new authentication methods
- Updated the OAuth2 protected resource metadata endpoint to advertise Bearer token support
- Enhanced the OAuth2 testing script to verify Bearer token functionality

These authentication methods are added as fallback options, maintaining backward compatibility with Coder's existing authentication mechanisms. The existing authentication methods (cookies, session token header, etc.) still take precedence.

This implementation follows the OAuth 2.0 Bearer Token specification (RFC 6750) and improves interoperability with standard OAuth 2.0 clients.
2025-07-02 19:14:54 +02:00
..
loggermw
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
patternmatcher
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
actor_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
actor.go
feat: implement provisioner auth middleware and proper org params (#12330)
2024-03-04 15:15:41 -06:00
apikey_test.go
chore: ensure proper rbac permissions on 'Acquire' file in the cache (#18348)
2025-06-16 13:40:45 +00:00
apikey.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
authorize_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
authz_test.go
fix: exit reset password request before passwords are compared (#13856)
2024-07-09 14:28:39 -05:00
authz.go
chore: avoid depending on rbac in slim builds (#17959)
2025-05-22 19:48:23 +10:00
clitelemetry.go
refactor(coderd/telemetry): move CLI telemetry to cli/telemetry (#9517)
2023-09-04 21:42:45 +03:00
cors_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
cors.go
chore: update golang to 1.24.1 (#17035)
2025-03-26 01:56:39 -05:00
csp_test.go
chore: remove ai tasks from experiment (#18511)
2025-06-24 16:24:01 +02:00
csp.go
chore: remove ai tasks from experiment (#18511)
2025-06-24 16:24:01 +02:00
csrf_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
csrf.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
experiments.go
feat: add port-sharing backend (#11939)
2024-02-13 09:31:20 -05:00
externalauthparam_test.go
chore: move /gitauth to /externalauth on the frontend (#9954)
2023-09-30 14:30:01 -05:00
externalauthparam.go
chore: move /gitauth to /externalauth on the frontend (#9954)
2023-09-30 14:30:01 -05:00
groupparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
groupparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
hsts_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
hsts.go
chore: enable exhaustruct linter (#8403)
2023-07-11 14:30:33 +01:00
httpmw_internal_test.go
feat: oauth2 - add RFC 8707 resource indicators and audience validation (#18575)
2025-07-02 17:49:00 +02:00
httpmw.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
notificationtemplateparam.go
feat: add notification preferences database & audit support (#14100)
2024-08-05 16:18:45 +02:00
oauth2_test.go
chore: add custom samesite options to auth cookies (#16885)
2025-04-08 14:15:14 -05:00
oauth2.go
feat: oauth2 - add authorization server metadata endpoint and PKCE support (#18548)
2025-07-01 15:39:29 +02:00
organizationparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
organizationparam.go
feat: allow TemplateAdmin to delete prebuilds via auth layer (#18333)
2025-06-20 17:36:32 +01:00
prometheus_test.go
chore: add missing prometheus tests for UNKNOWN/STATIC paths (#17446)
2025-04-17 13:50:18 +02:00
prometheus.go
feat: add path & method labels to prometheus metrics for current requests (#17362)
2025-04-16 11:10:39 +02:00
provisionerdaemon.go
chore: improve testing coverage on ExtractProvisionerDaemonAuthenticated middleware (#15622)
2024-11-26 04:02:20 +01:00
provisionerkey.go
chore: add provisioner key crud apis (#13857)
2024-07-16 13:27:12 -04:00
ratelimit_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
ratelimit.go
chore: ensure proper rbac permissions on 'Acquire' file in the cache (#18348)
2025-06-16 13:40:45 +00:00
realip_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
realip.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
recover_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
recover.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
requestid_test.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
requestid.go
feat: add request_id to HTTP trace spans (#10145)
2023-10-09 14:05:10 -05:00
rfc6750_extended_test.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
rfc6750_test.go
feat: implement RFC 6750 Bearer token authentication (#18644)
2025-07-02 19:14:54 +02:00
templateparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
templateparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
templateversionparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
templateversionparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
userparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
userparam.go
feat: remove site wide perms from creating a workspace (#17296)
2025-04-09 14:35:43 -05:00
workspaceagent_test.go
chore: join owner, template, and org in new workspace view (#15116)
2024-10-22 09:20:54 -05:00
workspaceagent.go
feat: add API key scope to restrict access to user data (#17692)
2025-05-15 15:32:52 +01:00
workspaceagentparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceagentparam.go
feat: extend request logs with auth & DB info (#17304)
2025-04-15 13:27:23 +02:00
workspacebuildparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspacebuildparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00
workspaceparam_test.go
chore: remove unnecessary redeclarations in for loops (#18440)
2025-06-20 13:16:55 -06:00
workspaceparam.go
feat: extend request logs with auth & DB info (#17304)
2025-04-15 13:27:23 +02:00
workspaceproxy_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceproxy.go
ci: bump the github-actions group with 4 updates (#15359)
2024-11-05 19:43:41 +11:00
workspaceresourceparam_test.go
chore(coderd/httpmw): remove dbmem usage from tests (#18146)
2025-06-02 13:57:56 +02:00
workspaceresourceparam.go
chore: add /v2 to import module path (#9072)
2023-08-18 18:55:43 +00:00