Skip to content

Release 4.4.15#324

Open
mpgxvii wants to merge 45 commits intomasterfrom
release-4.4.15
Open

Release 4.4.15#324
mpgxvii wants to merge 45 commits intomasterfrom
release-4.4.15

Conversation

@mpgxvii
Copy link
Copy Markdown
Member

@mpgxvii mpgxvii commented Mar 26, 2026
edited by this-Aditya
Loading

this-Aditya and others added 30 commits February 4, 2026 12:44
@this-Aditya
Adding code verifier column
4f043f7
@this-Aditya
Created liquibase changelogs for new column
fb39317
@this-Aditya
Pkce util for generating code verifier and challenge
64ac285
@this-Aditya
Config for the clients that use pkce
65dd3f1
@this-Aditya
Creating code verifiers and authorization requests
71932d3
@this-Aditya
Oauth auth and token calls for garmin
3c82ddb
@this-Aditya
Garmin oauth2 now supports deregistration and fetching external user id
fd2ecd6
@this-Aditya
Binding Garmin OAuth2 implementation to AbstractBinder
bc96f84
@this-Aditya
Ktlint format
bf681a7
@this-Aditya
Not using submitForm in garmin auth service as it uses the basic auth…
9f1056a 
… for request which is not needed for garmin oauth
@this-Aditya
Re-adding the garmin oauth-1 authorization service along with the oau…
2ae8eb7 
…th-2 service
@this-Aditya
Binding in singleton scope
7bbcf76
@mpgxvii
Fallback to existing userId if not present when refreshing token
a05c2ab
@mpgxvii
Merge pull request #318 from RADAR-base/conditional-oauth1
0092258 
Re-added the Garmin OAuth 1 authorization service
@mpgxvii
Merge pull request #321 from RADAR-base/fix/user-id
9ba4058 
Fix missing user_id during token refresh
@this-Aditya
Remove incorrect oauth binding
bcccf78
@this-Aditya
Corrected token revoking
644e77f
@this-Aditya
Including token param when requesting the access token
c717aab
@this-Aditya
Update configs
8e011f5
@this-Aditya
Remove unused encoder
bc57a2a
@this-Aditya
Add docs for binding
43fe9b7
@this-Aditya
Optimize the revokeToken and add docs
f79c2f1
@this-Aditya
ktlint fixes
7519b94
@this-Aditya
Add project ID to account already registered error message
804cda8
@this-Aditya
Merge branch 'dev' into garmin-oauth-migration
24423e8
@this-Aditya
Merge pull request #322 from RADAR-base/add-project-id-to-conflict-error
9e09d9f 
Add project ID to account already registered error message
@this-Aditya
Merge branch 'dev' into garmin-oauth-migration
fe50f80
@this-Aditya
Merge pull request #317 from RADAR-base/garmin-oauth-migration
64f7849 
Garmin OAuth migration from OAuth 1.0 to OAuth 2.0
@this-Aditya
refactor: migrate submitForm to named params and fix codeVerifier typo
b5d22ba
@this-Aditya
Merge branch 'dev' into update-requests
06b84cd
@this-Aditya
Update authorizer-app-backend/src/main/resources/db/changelog/changes…
360b607 
…/20260204120000_add_code_verifier_column.xml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@this-Aditya
Copy link
Copy Markdown
Member

this-Aditya commented Mar 27, 2026

@copilot apply changes based on the comments in this thread

Copy link
Copy Markdown

Copilot AI commented Mar 27, 2026
edited
Loading

@copilot apply changes based on the comments in this thread

Applied all changes from the review thread in commit 0bc09fc:

  • oauthVersion default changed from "oauth2" to "oauth1" in RestSourceClient.kt to avoid breaking existing Garmin OAuth1 configs
  • Removed sensitive one-time token values from both exception messages in GarminOAuth2AuthorizationService.kt (both now use "code verifier not found for provided state token")
  • Used checkNotNull for client_id and client_secret in refreshToken (consistent with the existing pattern in requestAccessToken)

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • o1.ingest.sentry.io
    • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.prefs/java.util.prefs=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.prefs/java.util.prefs=ALL-UNNAMED --add-opens=java.base/java.nio.charset=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.atomic=ALL-UNNAMED --add-opens=java.xml/javax.xml.namespace=ALL-UNNAMED -XX:MaxMetaspaceSize=384m -XX:&#43;HeapDumpOnOutOfMemoryError -Xms256m -Xmx512m -Dfile.encoding=UTF-8 -Duser.country -Duser.language=en (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI requested a review from this-Aditya March 27, 2026 15:39
this-Aditya
this-Aditya previously approved these changes Mar 27, 2026
View reviewed changes
@this-Aditya this-Aditya mentioned this pull request Mar 27, 2026
Merged
yatharthranjan
yatharthranjan reviewed Mar 31, 2026
View reviewed changes
Comment thread ...p-backend/src/main/java/org/radarbase/authorizer/service/GarminOAuth2AuthorizationService.kt
}

override suspend fun deregisterUser(user: RestSourceUser) {
userRepository.delete(user)
Copy link
Copy Markdown
Member

@yatharthranjan yatharthranjan Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need to deregister on Garmin too (call the deleteRegistration function) ?

Copy link
Copy Markdown
Member

@this-Aditya this-Aditya Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we don't need to do this as it is called by reportDeregistration which is triggered by garmin push service when the user has already revoked permissions on Garmin's side.
We just need to clean up our own DB, not send the deregistration again.

yatharthranjan
yatharthranjan reviewed Mar 31, 2026
View reviewed changes
Comment thread authorizer-app-backend/authorizer.yml Outdated
yatharthranjan
yatharthranjan reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@yatharthranjan yatharthranjan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks guys, nice work!. It looks already quite good, just some comments to improve robustness.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yatharthranjan yatharthranjan yatharthranjan left review comments

@this-Aditya this-Aditya this-Aditya left review comments

Copilot code review Copilot Copilot left review comments

@pvannierop pvannierop Awaiting requested review from pvannierop

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mpgxvii @this-Aditya @yatharthranjan