Skip to content

feat: add additional auth provider that uses oauth token introspection #2187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ashwinb merged 1 commit into from
May 21, 2025
Merged

feat: add additional auth provider that uses oauth token introspection #2187

ashwinb merged 1 commit into from
May 21, 2025

Conversation

@grs
Copy link
Contributor

@grs grs commented May 16, 2025
edited
Loading

What does this PR do?

This adds an alternative option to the oauth_token auth provider that can be used with existing authorization services which support token introspection as defined in RFC 7662. This could be useful where token revocation needs to be handled or where opaque tokens (or other non jwt formatted tokens) are used

Test Plan

Tested against keycloak

@facebook-github-bot facebook-github-bot added the CLA Signed This label is managed by the Meta Open Source bot. label May 16, 2025
@ashwinb ashwinb mentioned this pull request May 16, 2025
Merged
@grs
Copy link
Contributor Author

grs commented May 19, 2025

@ashwinb I have updated this to add an alternative behaviour to your oauth_token provider, rather than having a distinct provider.

ashwinb
ashwinb reviewed May 19, 2025
View reviewed changes
leseb
leseb reviewed May 20, 2025
View reviewed changes
@grs grs requested a review from bbrowning as a code owner May 20, 2025 14:07
ashwinb
ashwinb reviewed May 20, 2025
View reviewed changes
ashwinb
ashwinb approved these changes May 20, 2025
View reviewed changes
Copy link
Contributor

@ashwinb ashwinb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

woot. I have one comment inline about validation but looks good otherwise.

@grs grs force-pushed the rfc7662 branch 2 times, most recently from 5c25a19 to c31fc60 Compare May 20, 2025 17:39
@grs
feat: Extend the oauth_token provider to allow for token introspection
7ee1ae0 
This may be desired in order to reject revoked tokens or where opaque
tokens are used.

Signed-off-by: Gordon Sim <[email protected]>
@ashwinb ashwinb merged commit 091d8c4 into llamastack:main May 21, 2025
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leseb leseb leseb left review comments

@ashwinb ashwinb ashwinb approved these changes

@yanxi0830 yanxi0830 Awaiting requested review from yanxi0830

@hardikjshah hardikjshah Awaiting requested review from hardikjshah

@raghotham raghotham Awaiting requested review from raghotham raghotham is a code owner

@ehhuang ehhuang Awaiting requested review from ehhuang ehhuang is a code owner

@terrytangyuan terrytangyuan Awaiting requested review from terrytangyuan

@bbrowning bbrowning Awaiting requested review from bbrowning bbrowning is a code owner

Assignees

No one assigned

Labels

CLA Signed This label is managed by the Meta Open Source bot.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@grs @ashwinb @leseb @facebook-github-bot