@lambdalisue
Summary

  • Fix AUTH_ALLOWED_GRANT_TYPES default to include all 4 supported grant types (authorization_code, client_credentials, password, refresh_token)
  • Add new "Authentication Configuration" section documenting shared credentials
  • Document AUTH_ALLOWED_USERNAME and AUTH_ALLOWED_PASSWORD with their default values
  • Remove unused OIDC_ENABLE_JWT_SIGNING configuration option

Why

The API documentation was incomplete and misleading:

  1. Incomplete default values: AUTH_ALLOWED_GRANT_TYPES default only listed 2 out of 4 implemented grant types, preventing users from discovering password and refresh_token flows without reading source code.

  2. Missing shared credentials: AUTH_ALLOWED_USERNAME and AUTH_ALLOWED_PASSWORD were undocumented despite being used across Basic Auth, Bearer Token, and OAuth2/OIDC flows. Users had no way to know these variables existed or their default values.

  3. Dead code confusion: OIDC_ENABLE_JWT_SIGNING was defined but never used—the implementation always generates JWT with alg="none". This created false expectations about signing capabilities.

These gaps made it difficult for users to configure authentication correctly and understand which features were actually available.

Test Plan

  • Run just echo-http::lint - passes
  • Run just echo-http::test - all tests pass
  • Run just echo-http::build - builds successfully
  • Verify all environment variables in docs match implementation
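
An added example, not code from echo-http or this PR: because the description states that tokens are always generated with alg="none", a consumer can classify a compact JWT as unsecured before trusting any of its claims. The function names and the sample tokens are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// IsUnsignedJWT classifies a compact JWT without verifying it. It reports
// unsigned=true when the header alg is "none" (any letter case), when alg is
// missing, or when the signature segment is empty.
func IsUnsignedJWT(token string) (alg string, unsigned bool, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", false, errors.New("not a compact JWT: want 3 dot-separated segments")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", false, fmt.Errorf("header is not base64url: %w", err)
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(raw, &hdr); err != nil {
		return "", false, fmt.Errorf("header is not JSON: %w", err)
	}
	unsigned = hdr.Alg == "" || strings.EqualFold(hdr.Alg, "none") || parts[2] == ""
	return hdr.Alg, unsigned, nil
}

// buildToken assembles a constructed sample token from raw JSON segments.
func buildToken(header, payload, sig string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(header)) + "." + enc([]byte(payload)) + "." + sig
}

func main() {
	samples := []string{ // constructed samples, not captured from echo-http
		buildToken(`{"alg":"none","typ":"JWT"}`, `{"sub":"constructed-user"}`, ""),
		buildToken(`{"alg":"NoNe"}`, `{"sub":"constructed-user"}`, ""),
		buildToken(`{"alg":"RS256"}`, `{"sub":"constructed-user"}`, "c2ln"),
	}
	for _, tok := range samples {
		alg, unsigned, err := IsUnsignedJWT(tok)
		fmt.Println(alg, unsigned, err)
	}
}
```

A token that is not flagged here still needs its signature verified with a real JWT library; this check only identifies tokens that carry no signature at all.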

…ve unimplemented feature

The AUTH_ALLOWED_GRANT_TYPES default was incomplete, missing 'password'
and 'refresh_token' grant types that are actually implemented. The
documentation also lacked AUTH_ALLOWED_USERNAME/PASSWORD variables and
their default values, making it difficult for users to understand shared
authentication configuration.

OIDC_ENABLE_JWT_SIGNING was defined but never used - the implementation
always generates JWT with alg="none". Removing this prevents user
confusion and reduces maintenance burden.

Changes:
- Fix AUTH_ALLOWED_GRANT_TYPES default to include all 4 supported types
- Add Authentication Configuration section for shared credentials
- Document AUTH_ALLOWED_USERNAME/PASSWORD with defaults
- Remove unused OIDC_ENABLE_JWT_SIGNING from all config structs

Copilot AI review requested due to automatic review settings January 6, 2026 14:46

@lambdalisue merged commit c3d11d2 into main Jan 6, 2026

7 checks passed

@lambdalisue deleted the fix/http/doc branch January 6, 2026 14:49
Copilot AI left a comment

Pull request overview

This PR completes the environment variable documentation for the echo-http service by updating default values, adding missing configuration details, and removing dead code. The changes ensure users can properly configure authentication without needing to read source code.

  • Fixed AUTH_ALLOWED_GRANT_TYPES default to include all 4 implemented grant types
  • Added new "Authentication Configuration" section documenting shared credentials (AUTH_ALLOWED_USERNAME and AUTH_ALLOWED_PASSWORD)
  • Removed unused OIDC_ENABLE_JWT_SIGNING configuration that was never implemented

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
|------|-------------|
| echo-http/config.go | Updated AUTH_ALLOWED_GRANT_TYPES default to include password and refresh_token; removed unused OIDCEnableJWTSigning field |
| echo-http/handlers/config.go | Removed unused OIDCEnableJWTSigning field from handlers Config struct |
| echo-http/main.go | Removed OIDCEnableJWTSigning field mapping when initializing handlers config |
| echo-http/docs/api.md | Added "Authentication Configuration" section; updated OAuth2 table with complete grant types default; removed OIDC JWT signing documentation; updated Basic Auth and Bearer Token sections with default values |
