Skip to content

fix(oauth): apply provider schema defaults from OAUTH_PROVIDERS env#50

Merged
Bccorb merged 2 commits into
mainfrom
fix/oauth-provider-config-defaults
Jun 29, 2026
Merged

fix(oauth): apply provider schema defaults from OAUTH_PROVIDERS env#50
Bccorb merged 2 commits into
mainfrom
fix/oauth-provider-config-defaults

Conversation

@Bccorb

@Bccorb Bccorb commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Fixes #49.

Problem

OAuth login configured via OAUTH_PROVIDERS failed with a generic 400 "OAuth login failed"
unless every provider explicitly set subjectJsonPath/emailJsonPath/emailVerifiedJsonPath.
parseEnvConfigs parsed the value with a raw JSON.parse, so the OAuthProviderConfigSchema
defaults for those fields were never applied. getJsonPathValue returns undefined for a
falsy path, so profile extraction yielded nothing and fetchOAuthProfile threw
"OAuth profile did not include a provider subject".

Fix

  • Parse oauth_providers through z.array(OAuthProviderConfigSchema) so per-provider defaults
    are applied (and invalid entries fail fast at startup).
  • Log the underlying error in the finishOAuthLogin catch, which previously swallowed it.

Tests

  • New parseSystemConfigEnvValue cases: defaults are applied to a minimal provider; an invalid
    provider entry throws.
  • Full suite green (486 passing).

Found by the seamless verify conformance harness (mock-OIDC OAuth case).

Bccorb added 2 commits June 29, 2026 10:59
OAUTH_PROVIDERS was parsed with a raw JSON.parse, so per-provider defaults
(subjectJsonPath, emailJsonPath, ...) were never applied and OAuth profile
extraction failed silently. Validate the env value through the schema, and log
the underlying error in the callback catch. Fixes #49.
@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@Bccorb Bccorb merged commit 90d64c0 into main Jun 29, 2026
2 checks passed
@Bccorb Bccorb deleted the fix/oauth-provider-config-defaults branch June 29, 2026 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

OAuth providers from OAUTH_PROVIDERS env skip schema defaults (subjectJsonPath etc.) → silent login failure

2 participants