@socket-security[bot] 2d ago
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Rollout flag: oidcApiAuthEnabled
New direct dependencies: openid-client for issuer discovery and jose for JWT/JWKS verification
A customer configures OIDC by binding an exact OIDC identity to a project: issuer, audience, and subject map to a Composio project and org member. The token must be sent as Authorization: Bearer <oidc_jwt>; Apollo discovers the issuer metadata from iss/.well-known/openid-configuration, fetches jwks_uri, verifies the signature, and checks the binding. The rollout gate is oidcApiAuthEnabled for the org.
Verification commands run:
pnpm --dir apps/apollo format:check
SKIP_VALIDATION=true pnpm --dir apps/apollo with-env vitest run --config vitest.unit.config.ts src/lib/oidc_auth.unit.test.ts src/lib/auth_middleware_oidc.unit.test.ts src/lib/auth_middleware_bearer_disabled.unit.test.ts src/server/nextjs/resolver/resolvers_bearer_disabled.unit.test.ts
pnpm --dir apps/apollo check-types 2>&1 | rg 'src/lib/(authMiddleware|oidc|auth_middleware|oidc_auth)|src/server/nextjs/resolver/resolvers|src/env|src/common/lib/external/launchDarkly' returned no matches
pnpm --dir apps/apollo lint 2>&1 | rg 'src/lib/(oidc_auth|oidc/|authMiddleware|auth_middleware)|src/server/nextjs/resolver/resolvers|src/env|launchDarkly' returned no matches
Notes: full check-types and lint still fail on existing generated Thermos and repo-wide unsafe-type issues unrelated to this change. Unit tests pass but emit existing Redis/LaunchDarkly initialization noise from imported Apollo modules.
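The description above lays out the verification flow (Bearer JWT in the Authorization header, issuer discovery, JWKS fetch, signature check, exact issuer/audience/subject binding, and the per-org oidcApiAuthEnabled gate). The following is an added, self-contained TypeScript example of that flow; it is not code from this PR or from the Composio repository. It uses Node's built-in crypto instead of openid-client and jose, and an in-memory fake issuer in place of HTTPS fetches, so it runs offline. The binding shape, the function names, the fake issuer URL and key, and the "composio-api" audience are assumptions made for illustration. Two checks worth noting in the sketch: the unverified iss claim is used only to pick a configured binding, so no discovery request is made for an issuer nobody has bound, and the discovery document's issuer field must equal the claimed iss before its jwks_uri is trusted.

```typescript
import * as crypto from "node:crypto";

// Exact OIDC identity bound to a project/org member (field names are an assumption of this example).
export interface OidcBinding {
  issuer: string;
  audience: string;
  subject: string;
  projectId: string;
  orgMemberId: string;
}

export type VerifyResult =
  | { ok: true; projectId: string; orgMemberId: string }
  | { ok: false; reason: string };

// Synchronous stand-in for "GET url and parse JSON"; real code would fetch over HTTPS.
export type FetchJson = (url: string) => any;

const b64url = (b: Buffer | string) => Buffer.from(b).toString("base64url");
const fromB64url = (s: string) => Buffer.from(s, "base64url");
const discoveryUrl = (iss: string) => iss.replace(/\/$/, "") + "/.well-known/openid-configuration";

export function verifyOidcBearer(
  authorization: string | undefined,
  bindings: OidcBinding[],
  fetchJson: FetchJson,
  oidcApiAuthEnabled: boolean,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): VerifyResult {
  // Org-level rollout gate: nothing else is evaluated while the flag is off.
  if (!oidcApiAuthEnabled) return { ok: false, reason: "oidcApiAuthEnabled is off for this org" };
  const m = /^Bearer\s+([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/i.exec(authorization ?? "");
  if (!m) return { ok: false, reason: "missing or malformed Authorization: Bearer <jwt>" };
  const [h, p, s] = m[1].split(".");
  let header: any;
  let claims: any;
  try {
    header = JSON.parse(fromB64url(h).toString("utf8"));
    claims = JSON.parse(fromB64url(p).toString("utf8"));
  } catch {
    return { ok: false, reason: "JWT header/payload are not valid JSON" };
  }
  // Before the signature is checked, `iss` is read only to choose which *configured* issuer to verify
  // against. An unbound issuer is rejected here, before any network request, so a token cannot steer
  // discovery to a host the attacker controls.
  const binding = bindings.find((b) => b.issuer === claims.iss);
  if (!binding) return { ok: false, reason: "issuer is not bound to any project" };
  // Algorithm allowlist taken from configuration, never from the token ("none", HS256, ... are rejected).
  if (header.alg !== "RS256") return { ok: false, reason: `unsupported alg ${String(header.alg)}` };
  const meta = fetchJson(discoveryUrl(binding.issuer));
  // The discovery document must assert the same issuer we asked about (guards against mix-up/redirect tricks).
  if (meta?.issuer !== binding.issuer) return { ok: false, reason: "discovery document issuer mismatch" };
  const keys: any[] = fetchJson(meta.jwks_uri)?.keys ?? [];
  const jwk = keys.find((k) => k.kid === header.kid && k.kty === "RSA");
  if (!jwk) return { ok: false, reason: "no RSA key with matching kid in JWKS" };
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  // RS256 = RSASSA-PKCS1-v1_5 over SHA-256 of "<header>.<payload>", which is Node's default for RSA keys.
  if (!crypto.verify("sha256", Buffer.from(`${h}.${p}`), key, fromB64url(s))) {
    return { ok: false, reason: "signature verification failed" };
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return { ok: false, reason: "token expired or has no exp" };
  if (typeof claims.nbf === "number" && claims.nbf > nowSeconds) return { ok: false, reason: "token not yet valid" };
  const aud: unknown[] = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(binding.audience)) return { ok: false, reason: "audience mismatch" };
  if (claims.sub !== binding.subject) return { ok: false, reason: "subject mismatch" };
  return { ok: true, projectId: binding.projectId, orgMemberId: binding.orgMemberId };
}

// ---- Constructed fixture: a fake issuer with one RSA signing key (not a real provider). ----
export const ISSUER = "https://issuer.example.test";
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const KID = "key-1";
const docs: Record<string, any> = {
  [discoveryUrl(ISSUER)]: { issuer: ISSUER, jwks_uri: `${ISSUER}/jwks` },
  [`${ISSUER}/jwks`]: { keys: [{ ...publicKey.export({ format: "jwk" }), kid: KID, use: "sig", alg: "RS256" }] },
};
export const fakeFetchJson: FetchJson = (url) => docs[url];

// Mint a JWT for the fixture issuer. The body is always signed with the fixture key; `alg` only changes
// the header so callers can build tokens that claim a different algorithm than was really used.
export function mintToken(claims: Record<string, unknown>, alg: string = "RS256"): string {
  const header = b64url(JSON.stringify({ alg, typ: "JWT", kid: KID }));
  const payload = b64url(JSON.stringify(claims));
  const sig = crypto.sign("sha256", Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64url(sig)}`;
}

// Example binding (assumed values): a workload identity mapped to one project and one org member.
export const BINDING: OidcBinding = {
  issuer: ISSUER,
  audience: "composio-api",
  subject: "repo:acme/app:ref:refs/heads/main",
  projectId: "proj_123",
  orgMemberId: "member_456",
};
```

Usage: mint a token with `mintToken({ iss: ISSUER, aud: BINDING.audience, sub: BINDING.subject, exp: now + 300 })` and pass `"Bearer " + token` to `verifyOidcBearer(header, [BINDING], fakeFetchJson, true, now)`; any deviation in issuer, audience, subject, algorithm, expiry, or payload bytes yields `{ ok: false, reason }` with the first failing check named, which is the granularity you want in auth logs without leaking it to the caller.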