@mauriciozanettisalomao
Contributor

No description provided.

…ser metadata retrieval

- Updated the profile controller to retrieve the authentication token from the request, improving error handling when the token is missing.
- Adjusted the getUserInfo method to use the token for fetching user data from NATS, ensuring a more reliable user profile retrieval process.

Jira Ticket: https://linuxfoundation.atlassian.net/browse/LFXV2-643

Generated with [Cursor](https://cursor.com/)

Signed-off-by: Mauricio Zanetti Salomao <mauriciozanetti86@gmail.com>

- Changed the audience parameter in the Auth0 configuration to point to the correct development URL for user authentication.

Jira Ticket: https://linuxfoundation.atlassian.net/browse/LFXV2-643

Signed-off-by: Mauricio Zanetti Salomao <mauriciozanetti86@gmail.com>

@mauriciozanettisalomao mauriciozanettisalomao requested review from Copilot and removed request for jordane October 13, 2025 15:35
@mauriciozanettisalomao mauriciozanettisalomao marked this pull request as draft October 13, 2025 15:35

@github-actions github-actions bot left a comment

PR titles must follow Conventional Commits. Love from, Your reviewers ❤️.

Contributor

Copilot AI left a comment

Pull Request Overview

This PR implements authentication token-based user profile access as part of the Auth0 user scopes feature. The changes modify the authentication configuration to use Auth0's Management API and update the profile controller to use authentication tokens instead of user IDs.

  • Updates Auth0 configuration to use Management API audience and adds user metadata scopes
  • Modifies profile controller to extract and validate authentication tokens from requests
  • Changes user service call to use tokens instead of user IDs for authentication

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| apps/lfx-one/src/server/server.ts | Updates Auth0 config with Management API audience and additional user scopes |
| apps/lfx-one/src/server/controllers/profile.controller.ts | Adds token extraction/validation and updates user service call to use tokens |

response_type: 'code',
audience: process.env['PCC_AUTH0_AUDIENCE'] || 'https://example.com',
scope: 'openid email profile access:api offline_access',
audience: 'https://linuxfoundation-dev.auth0.com/api/v2/',
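
Review bot: On the last `audience` line, the tenant URL is a literal pointing at `linuxfoundation-dev`, so any deployment of this server that is not the dev environment would still request access tokens for the dev tenant's `/api/v2/` endpoint. Keep the value in configuration, as the earlier `PCC_AUTH0_AUDIENCE` line in this hunk did, and consider failing at startup when the variable is unset instead of falling back to a default, so a misconfigured environment cannot silently ask for tokens with the wrong audience. Since the audience is changing, also re-check that the `scope` string (`access:api`, `offline_access`) is still the minimum this audience needs.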

Copilot AI Oct 13, 2025

Hardcoding the Auth0 audience URL removes environment flexibility. Consider using an environment variable like process.env['PCC_AUTH0_AUDIENCE'] with this as a fallback to maintain consistency with other configuration values.

Suggested change
audience: 'https://linuxfoundation-dev.auth0.com/api/v2/',
audience: process.env['PCC_AUTH0_AUDIENCE'] || 'https://linuxfoundation-dev.auth0.com/api/v2/',

}

// Get the bearer token from the request (set by auth middleware) or OIDC access token
const token = req.bearerToken || req.oidc?.accessToken?.access_token;
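
Review bot: On the `const token = ...` line, the `||` fallback treats a bearer token set by the auth middleware and the session's OIDC access token as interchangeable, and nothing in the visible lines records which source was used or checks that the session token has not expired. Suggest resolving the source explicitly and checking expiry on the session token before it is forwarded. The hunk ends at this line, so the missing-token path is not visible here: make sure the handler rejects the request when both sources are undefined, and that any log entry on this path names only the source, never the token value.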

Copilot AI Oct 13, 2025

The property path req.oidc?.accessToken?.access_token appears to have redundant 'access_token' properties. Verify this is the correct path or if it should be req.oidc?.accessToken instead.

Suggested change
const token = req.bearerToken || req.oidc?.accessToken?.access_token;
const token = req.bearerToken || req.oidc?.accessToken;

@coderabbitai

coderabbitai bot commented Oct 13, 2025

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

@github-actions

github-actions bot commented Oct 13, 2025

🚀 Deployment Status

Your branch has been deployed to: https://ui-pr-121.dev.v2.cluster.linuxfound.info

Deployment Details:

  • Environment: Development
  • Namespace: ui-pr-121
  • ArgoCD App: ui-pr-121

The deployment will be automatically removed when this PR is closed.

@github-actions

github-actions bot commented Oct 13, 2025

✅ E2E Tests Passed

Browser: chromium
Status: passed

All E2E tests passed successfully.

- Updated the profile controller to handle cases where a Supabase user is not found, returning minimal user data from Auth0 instead.
- Improved logging to indicate when Auth0 user data is being returned.
- Simplified the merging of user profile data by directly assigning the profile from Supabase or returning null if not available.

Jira Ticket: https://linuxfoundation.atlassian.net/browse/LFXV2-643

Generated with [Cursor](https://cursor.com/)

Signed-off-by: Mauricio Zanetti Salomao <mauriciozanetti86@gmail.com>