Complete echo-http environment variable documentation#25
Merged
lambdalisue merged 1 commit intomainfrom Jan 6, 2026
Merged
Conversation
…ve unimplemented feature The AUTH_ALLOWED_GRANT_TYPES default was incomplete, missing 'password' and 'refresh_token' grant types that are actually implemented. The documentation also lacked AUTH_ALLOWED_USERNAME/PASSWORD variables and their default values, making it difficult for users to understand shared authentication configuration. OIDC_ENABLE_JWT_SIGNING was defined but never used - the implementation always generates JWT with alg="none". Removing this prevents user confusion and reduces maintenance burden. Changes: - Fix AUTH_ALLOWED_GRANT_TYPES default to include all 4 supported types - Add Authentication Configuration section for shared credentials - Document AUTH_ALLOWED_USERNAME/PASSWORD with defaults - Remove unused OIDC_ENABLE_JWT_SIGNING from all config structs
There was a problem hiding this comment.
Pull request overview
This PR completes the environment variable documentation for the echo-http service by updating default values, adding missing configuration details, and removing dead code. The changes ensure users can properly configure authentication without needing to read source code.
- Fixed
AUTH_ALLOWED_GRANT_TYPESdefault to include all 4 implemented grant types - Added new "Authentication Configuration" section documenting shared credentials (
AUTH_ALLOWED_USERNAMEandAUTH_ALLOWED_PASSWORD) - Removed unused
OIDC_ENABLE_JWT_SIGNINGconfiguration that was never implemented
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
echo-http/config.go |
Updated AUTH_ALLOWED_GRANT_TYPES default to include password and refresh_token; removed unused OIDCEnableJWTSigning field |
echo-http/handlers/config.go |
Removed unused OIDCEnableJWTSigning field from handlers Config struct |
echo-http/main.go |
Removed OIDCEnableJWTSigning field mapping when initializing handlers config |
echo-http/docs/api.md |
Added "Authentication Configuration" section; updated OAuth2 table with complete grant types default; removed OIDC JWT signing documentation; updated Basic Auth and Bearer Token sections with default values |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
AUTH_ALLOWED_GRANT_TYPESdefault to include all 4 supported grant types (authorization_code, client_credentials, password, refresh_token)AUTH_ALLOWED_USERNAMEandAUTH_ALLOWED_PASSWORDwith their default valuesOIDC_ENABLE_JWT_SIGNINGconfiguration optionWhy
The API documentation was incomplete and misleading:
Incomplete default values:
AUTH_ALLOWED_GRANT_TYPESdefault only listed 2 out of 4 implemented grant types, preventing users from discovering password and refresh_token flows without reading source code.Missing shared credentials:
AUTH_ALLOWED_USERNAMEandAUTH_ALLOWED_PASSWORDwere undocumented despite being used across Basic Auth, Bearer Token, and OAuth2/OIDC flows. Users had no way to know these variables existed or their default values.Dead code confusion:
OIDC_ENABLE_JWT_SIGNINGwas defined but never used—the implementation always generates JWT withalg="none". This created false expectations about signing capabilities.These gaps made it difficult for users to configure authentication correctly and understand which features were actually available.
Test Plan
just echo-http::lint- passesjust echo-http::test- all tests passjust echo-http::build- builds successfully