feat: add OAuth 2.1 authorization server module #18

Open
shivdeep1 wants to merge 1 commit into main from worktree-agent-a3d5ae0f

@shivdeep1
Contributor

Summary

  • New airlock/oauth/ module with OAuth 2.1 authorization server
  • Client Credentials grant with private_key_jwt (Ed25519) authentication
  • RFC 8693 Token Exchange for delegation chains with scope narrowing
  • EdDSA-signed JWT access tokens with trust score claims
  • Token introspection with live trust data (RFC 7662)
  • OIDC discovery and JWKS endpoints
  • Dynamic client registration (RFC 7591)
  • Feature-flagged: AIRLOCK_OAUTH_ENABLED (default true)

Test plan

  • OAuth token endpoint returns valid JWT (54 new tests)
  • Client credentials grant verifies Ed25519 assertion
  • Token exchange produces scope-narrowed child tokens
  • Delegation depth limit enforced
  • Cascade revocation propagates to child tokens
  • Introspection returns live trust data
  • All existing tests pass (814 total, 0 regressions)

…exchange

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>