rose-ash

coop/rose-ash

Fork 0

Commit Graph

Author	SHA1	Message	Date
giles	20ba152e36	identity: wire refresh into oauth + e2e flow tests (Phase 2 complete, +3 tests) Some checks failed Test, Build, and Deploy / test-build-deploy (push) Failing after 53s Details exchange now issues an access+refresh pair (RFC 6749 §4.1.4/§5.1) via token.sx issue_grant; added the refresh grant (§6) delegating to token rotation. End-to-end: code-exchange → refresh → introspect (active), refresh-token reuse rejected (invalid_grant), and revoke-then-refresh blocked by grant cascade. oauth 17/17, 65/65. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-07 00:35:10 +00:00
giles	27f43dbf10	identity: OAuth2 authorization-code flow as message protocol + PKCE (14 tests) Some checks failed Test, Build, and Deploy / test-build-deploy (push) Failing after 54s Details oauth.sx — RFC 6749 §4.1 as a state machine on one authz-server process: authorize → {consent_required} → consent(allow\|deny) → {code} → exchange → {ok, Token}. Exchange enforces single-use codes (§10.5, replay → invalid_grant), client_id + redirect_uri binding (§4.1.3), and PKCE (RFC 7636 plain) verifier match. Issued tokens are grant-backed via token.sx so revocation stays real. 53/53. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-07 00:11:18 +00:00

Author

SHA1

Message

Date

giles

20ba152e36

identity: wire refresh into oauth + e2e flow tests (Phase 2 complete, +3 tests)

Test, Build, and Deploy / test-build-deploy (push) Failing after 53s

Details

exchange now issues an access+refresh pair (RFC 6749 §4.1.4/§5.1) via
token.sx issue_grant; added the refresh grant (§6) delegating to token
rotation. End-to-end: code-exchange → refresh → introspect (active),
refresh-token reuse rejected (invalid_grant), and revoke-then-refresh
blocked by grant cascade. oauth 17/17, 65/65.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-07 00:35:10 +00:00

giles

27f43dbf10

identity: OAuth2 authorization-code flow as message protocol + PKCE (14 tests)

Test, Build, and Deploy / test-build-deploy (push) Failing after 54s

Details

oauth.sx — RFC 6749 §4.1 as a state machine on one authz-server process:
authorize → {consent_required} → consent(allow|deny) → {code} → exchange
→ {ok, Token}. Exchange enforces single-use codes (§10.5, replay →
invalid_grant), client_id + redirect_uri binding (§4.1.3), and PKCE
(RFC 7636 plain) verifier match. Issued tokens are grant-backed via
token.sx so revocation stays real. 53/53.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-07 00:11:18 +00:00

2 Commits