feat: add JSON codecs for challenges and credentials #10
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 194002fe36
| if len(trimmed) == 0 || bytes.Equal(trimmed, []byte("null")) { | ||
| return b64EncodeRequest(nil), nil |
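Review bot: The nil error on the return b64EncodeRequest(nil), nil line means empty input and a literal null both come back looking like a request the caller actually sent, because the two conditions share one branch. Return an error from this branch instead. If an explicit null has to stay legal, split the len(trimmed) == 0 check from the bytes.Equal(trimmed, []byte("null")) check so only that one case is defaulted.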
Reject missing challenge.request in credential JSON
Credential.UnmarshalJSON currently treats an absent or null challenge.request as b64EncodeRequest(nil) (e30), which silently turns malformed input into a concrete echoed request. That means a credential JSON payload missing a required field can be re-serialized with ToAuthorization() into a syntactically valid header, and may pass downstream checks for endpoints whose expected request is {}. Missing challenge.request should fail decoding instead of being defaulted.
| if err != nil { | ||
| return map[string]string{"_raw": encoded}, nil |
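Review bot: The err tested by if err != nil is discarded on the following line, which returns a nil error together with a map keyed "_raw". Apart from hiding the failure, "_raw" sits in the same map[string]string as any other key, so a consumer cannot tell this fallback from a map that legitimately carries that key. Return the error, wrapped with the field name, and drop the fallback.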
Fail fast on invalid opaque base64 strings
When challenge.opaque is a JSON string that is not valid base64url, decodeJSONOpaque stores it as {"_raw": ...} instead of returning an error. This accepts invalid wire data and defers failure until much later (e.g., ToAuthorization() emits that raw invalid value, which ParseCredential rejects on the receiving side). Decoding should error immediately here to keep JSON handling consistent with existing credential parsing rules.
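The strict handling that both review comments above ask for, as an added example that is not code from this pull request. strictRequestB64 and strictOpaque are hypothetical helpers, and the opaque wire form (unpadded base64url over a JSON object of strings) is an assumption.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// strictRequestB64 (hypothetical, not the PR's code) encodes challenge.request
// as unpadded base64url; absent or null input is an error, never "e30".
func strictRequestB64(raw json.RawMessage) (string, error) {
	trimmed := bytes.TrimSpace(raw)
	if len(trimmed) == 0 || bytes.Equal(trimmed, []byte("null")) {
		return "", fmt.Errorf("challenge.request is required")
	}
	var obj map[string]json.RawMessage
	if err := json.Unmarshal(trimmed, &obj); err != nil {
		return "", fmt.Errorf("challenge.request must be a JSON object: %w", err)
	}
	var compact bytes.Buffer
	_ = json.Compact(&compact, trimmed) // cannot fail: input parsed above
	return base64.RawURLEncoding.EncodeToString(compact.Bytes()), nil
}

// strictOpaque (hypothetical) decodes a challenge.opaque JSON string.
// Assumption: the wire form is unpadded base64url over a JSON string map.
func strictOpaque(raw json.RawMessage) (map[string]string, error) {
	var encoded string
	if err := json.Unmarshal(raw, &encoded); err != nil {
		return nil, fmt.Errorf("challenge.opaque must be a JSON string: %w", err)
	}
	decoded, err := base64.RawURLEncoding.DecodeString(encoded)
	if err != nil { // fail here; no {"_raw": ...} fallback
		return nil, fmt.Errorf("challenge.opaque is not base64url: %w", err)
	}
	var out map[string]string
	if err := json.Unmarshal(decoded, &out); err != nil {
		return nil, fmt.Errorf("challenge.opaque payload: %w", err)
	}
	return out, nil
}

func main() { // constructed inputs
	_, err := strictRequestB64(nil)
	fmt.Println(err)
	_, err = strictOpaque(json.RawMessage(`"not base64url!"`))
	fmt.Println(err)
}
```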
Summary
- encoding/json support for mpp.Challenge with decoded request JSON and normalized RequestB64
- encoding/json support for mpp.Credential so challenge.request accepts standard object JSON instead of forcing callers to manage base64url manually
- Challenge's custom JSON behavior via a transient conversion, while keeping Credential stored as ChallengeEcho