feat(oauth): fail open on token mint failure by default #194

Merged
mslipper merged 1 commit into main from feat/oauth-token-fail-open on Jun 16, 2026
@mslipper

oauth_token previously rejected every matching request with a 502 when a token mint failed, so one broken credential took down all traffic the entry matched. This changes the default to forward the request without the token instead, and adds a per-entry require: true flag to opt back into failing closed (502), mirroring the secrets transform's require semantics.

Note: this flips the default from fail-closed to fail-open. Existing configs that relied on the 502 rejection should add require: true.

oauth_token previously rejected every matching request with a 502 when
minting failed, so one broken credential took down all traffic the entry
matched. Default to forwarding the request without the token instead, and
add a per-entry "require: true" flag to opt back into failing closed,
mirroring the secrets transform's require semantics.
@mslipper mslipper merged commit d0d882c into main Jun 16, 2026
5 of 6 checks passed
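
The two failure modes described in this PR, modelled as an added example (not code from this repository), with a helper that lists the entries still relying on the fail-open default. `Entry`, `MintError`, `Outcome`, `apply_oauth_token` and `entries_failing_open` are hypothetical names; only `oauth_token`, `require: true` and the 502 come from the PR text.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

class MintError(Exception):
    """Hypothetical error raised when a token cannot be minted."""

@dataclass
class Entry:
    # Hypothetical model of one oauth_token entry; only `require` is named in the PR.
    name: str
    mint: Callable[[], str]
    require: bool = False  # default after this PR: fail open

@dataclass
class Outcome:
    action: str            # "forward" or "reject"
    status: Optional[int]  # 502 when rejected, None when forwarded upstream
    token: Optional[str]   # None means the request went out without a token
    mint_failed: bool      # surface this in logs/metrics so fail-open is visible

def apply_oauth_token(entry: Entry) -> Outcome:
    try:
        token = entry.mint()
    except MintError:
        if entry.require:
            return Outcome("reject", 502, None, True)   # fail closed
        return Outcome("forward", None, None, True)     # fail open, no token
    return Outcome("forward", None, token, False)

def entries_failing_open(entries: List[Entry]) -> List[str]:
    """Entries that forward token-less requests when minting breaks."""
    return [e.name for e in entries if not e.require]

def broken_mint() -> str:
    raise MintError("constructed failure: credential rejected")

# Constructed sample entries, not taken from any real config.
ENTRIES = [
    Entry("metrics-api", broken_mint),                 # relies on the new default
    Entry("payments-api", broken_mint, require=True),  # opted back into 502
    Entry("search-api", lambda: "constructed-token"),
]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e.name, apply_oauth_token(e))
    print("review for require: true ->", entries_failing_open(ENTRIES))
```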