Thanks to visit codestin.com
Credit goes to github.com

Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: golang/oauth2
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.11.0
Choose a base ref
...
head repository: golang/oauth2
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.12.0
Choose a head ref
  • 2 commits
  • 9 files changed
  • 2 contributors

Commits on Aug 9, 2023

  1. oauth2: move global auth style cache to be per-Config 

    In 80673b4 (https://go.dev/cl/157820) I added a never-shrinking
package-global cache to remember which auto-detected auth style (HTTP
headers vs POST) was supported by a certain OAuth2 server, keyed by
its URL.

Unfortunately, some multi-tenant SaaS OIDC servers behave poorly and
have one global OpenID configuration document for all of their
customers which says ("we support all auth styles! you pick!") but
then give each customer control of which style they specifically
accept. This is bogus behavior on their part, but the oauth2 package's
global caching per URL isn't helping. (It's also bad to have a
package-global cache that can never be GC'ed)

So, this change moves the cache to hang off the oauth *Configs
instead. Unfortunately, it does so with some backwards compatiblity
compromises (an atomic.Value hack), lest people are using old versions
of Go still or copying a Config by value, both of which this package
previously accidentally supported, even though they weren't tested.

This change also means that anybody that's repeatedly making ephemeral
oauth.Configs without an explicit auth style will be losing &
reinitializing their cache on any auth style failures + fallbacks to
the other style. I think that should be pretty rare. People seem to
make an oauth2.Config once earlier and stash it away somewhere (often
deep in a token fetcher or HTTP client/transport).

Change-Id: I91f107368ab3c3d77bc425eeef65372a589feb7b
Signed-off-by: Brad Fitzpatrick <[email protected]>
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/515675
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Adrian Dewhurst <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
    @bradfitz
    bradfitz committed Aug 9, 2023
    Configuration menu
    Copy the full SHA
    a835fc4 View commit details
    Browse the repository at this point in the history

Commits on Sep 5, 2023

  1. go.mod: update golang.org/x dependencies 

    Update golang.org/x dependencies to their latest tagged versions.

Change-Id: I2fb95ca59417e20377bc315094221fa7165128c8
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/525675
Reviewed-by: Heschi Kreinick <[email protected]>
Run-TryBot: Gopher Robot <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Auto-Submit: Gopher Robot <[email protected]>
    @gopherbot
    gopherbot committed Sep 5, 2023
    Configuration menu
    Copy the full SHA
    0708528 View commit details
    Browse the repository at this point in the history
Loading