token introspection

[johakoch]

JWT: call token introspection endpoint

jwt "..." {
  # ...

  beta_introspection {
    endpoint = "..." # URL of introspection endpoint
    backend = "..." # OR backend {...} for introspection request

    # for authenticating the client at the authorization server
    # see e.g. https://docs.couper.io/configuration/block/oauth2
    endpoint_auth_method = "..."
    jwt_signing_profile {
      # ...
    }
    client_id = "..."
    client_secret = "..."

    ttl = "..." # duration; positive value: cache introspection response, otherwise do not cache
  }
}

---

Reviewer checklist

• Read PR description: a summary about the changes is required
• Changelog updated
• Documentation: docs/{Reference, Cli, ...}, Docker and cli help/usage
• Pulled branch, manually tested
• Verified requirements are met
• Reviewed the code
• Reviewed the related tests

[johakoch]

Do we have to lock whenever a new introspection request is created until the response is stored/cached (and so pausing introspection of the same token used in other client requests)?
Is it possible to lock per key?

[johakoch]

@malud https://codeclimate.com/github/coupergateway/couper/pull/649 I did my best with refactoring to reduce the number of return statements. But if there are several things to validate, max 4 return statements is not always possible.

Is there a way to ignore a specific check for a specific function?

[malud]

@malud https://codeclimate.com/github/coupergateway/couper/pull/649 I did my best with refactoring to reduce the number of return statements. But if there are several things to validate, max 4 return statements is not always possible.

Is there a way to ignore a specific check for a specific function?

You could extract the argument validations to own methods.

[johakoch]

You could extract the argument validations to own methods.

If there are at most 3 validations, yes.
With 4 validations, you have 4 possible errors + 1 happy path = 5 return statements.

And I don't think it makes much sense to group them by 2:

func validate() error {
  if err := validate12(); err != nil {
    return err
  }
  if err := validate34(); err != nil {
    return err
  }
  return nil
}

func validate12() error {
  if err := validate1(); err != nil {
    return err
  }
  if err := validate2(); err != nil {
    return err
  }
  return nil
}

func validate34() error {
  if err := validate3(); err != nil {
    return err
  }
  if err := validate4(); err != nil {
    return err
  }
  return nil
}

only to please codeclimate.

[malud]

I meant per type in new CSJ/PKJ methods. I will push a refactor (test) commit, otherwise we could increase the settings to 5 :) if possible.

[johakoch]

requestIntrospection() still has 4 error cases (roundtrip error, wrong status code, read error, JSON parse error) and the happy path return. To extract two of the error cases into a separate function, so that requestIntrospection() only has 4 return statements, would be artificial, IMO.