phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-06-27 18:50:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(auth): allow token to be provided for use against jwks endpoint (#2394)
Some checks failed
Integration Auth Tests / test-matrix (oauth2_token) (push) Failing after 1s
Details
Integration Tests / test-matrix (http, 3.10, providers) (push) Failing after 4s
Details
Integration Tests / test-matrix (http, 3.10, inspect) (push) Failing after 5s
Details
Integration Tests / test-matrix (http, 3.10, inference) (push) Failing after 7s
Details
Integration Tests / test-matrix (http, 3.11, agents) (push) Failing after 5s
Details
Integration Tests / test-matrix (http, 3.10, vector_io) (push) Failing after 7s
Details
Update ReadTheDocs / update-readthedocs (push) Failing after 1m11s
Details
Integration Tests / test-matrix (http, 3.10, datasets) (push) Failing after 10s
Details
Integration Tests / test-matrix (http, 3.10, tool_runtime) (push) Failing after 8s
Details
Integration Tests / test-matrix (http, 3.10, scoring) (push) Failing after 8s
Details
Integration Tests / test-matrix (http, 3.10, agents) (push) Failing after 10s
Details
Integration Tests / test-matrix (http, 3.11, post_training) (push) Failing after 6s
Details
Integration Tests / test-matrix (http, 3.11, inspect) (push) Failing after 6s
Details
Integration Tests / test-matrix (http, 3.11, inference) (push) Failing after 7s
Details
Integration Tests / test-matrix (http, 3.12, agents) (push) Failing after 5s
Details
Integration Tests / test-matrix (http, 3.11, vector_io) (push) Failing after 6s
Details
Integration Tests / test-matrix (http, 3.12, post_training) (push) Failing after 6s
Details
Integration Tests / test-matrix (http, 3.10, post_training) (push) Failing after 13s
Details
Integration Tests / test-matrix (http, 3.12, providers) (push) Failing after 6s
Details
Integration Tests / test-matrix (http, 3.11, providers) (push) Failing after 10s
Details
Integration Tests / test-matrix (http, 3.11, datasets) (push) Failing after 12s
Details
Integration Tests / test-matrix (http, 3.12, datasets) (push) Failing after 10s
Details
Integration Tests / test-matrix (http, 3.11, tool_runtime) (push) Failing after 11s
Details
Integration Tests / test-matrix (library, 3.10, agents) (push) Failing after 7s
Details
Integration Tests / test-matrix (http, 3.12, tool_runtime) (push) Failing after 8s
Details
Integration Tests / test-matrix (http, 3.12, inference) (push) Failing after 10s
Details
Integration Tests / test-matrix (http, 3.12, scoring) (push) Failing after 9s
Details
Integration Tests / test-matrix (library, 3.11, post_training) (push) Failing after 6s
Details
Integration Tests / test-matrix (library, 3.11, scoring) (push) Failing after 7s
Details
Integration Tests / test-matrix (library, 3.10, post_training) (push) Failing after 7s
Details
Integration Tests / test-matrix (library, 3.12, datasets) (push) Failing after 7s
Details
Integration Tests / test-matrix (library, 3.10, inspect) (push) Failing after 7s
Details
Integration Tests / test-matrix (library, 3.10, providers) (push) Failing after 7s
Details
Integration Tests / test-matrix (http, 3.12, vector_io) (push) Failing after 8s
Details
Integration Tests / test-matrix (library, 3.10, inference) (push) Failing after 9s
Details
Integration Tests / test-matrix (library, 3.10, datasets) (push) Failing after 8s
Details
Integration Tests / test-matrix (library, 3.10, vector_io) (push) Failing after 8s
Details
Integration Tests / test-matrix (library, 3.11, agents) (push) Failing after 5s
Details
Integration Tests / test-matrix (library, 3.12, inspect) (push) Failing after 12s
Details
Integration Tests / test-matrix (library, 3.10, scoring) (push) Failing after 9s
Details
Integration Tests / test-matrix (library, 3.11, inference) (push) Failing after 9s
Details
Integration Tests / test-matrix (http, 3.12, inspect) (push) Failing after 10s
Details
Integration Tests / test-matrix (library, 3.11, providers) (push) Failing after 8s
Details
Integration Tests / test-matrix (library, 3.10, tool_runtime) (push) Failing after 11s
Details
Integration Tests / test-matrix (library, 3.12, scoring) (push) Failing after 7s
Details
Integration Tests / test-matrix (http, 3.11, scoring) (push) Failing after 12s
Details
Integration Tests / test-matrix (library, 3.11, datasets) (push) Failing after 7s
Details
Integration Tests / test-matrix (library, 3.12, tool_runtime) (push) Failing after 6s
Details
Integration Tests / test-matrix (library, 3.11, tool_runtime) (push) Failing after 7s
Details
Integration Tests / test-matrix (library, 3.12, inference) (push) Failing after 8s
Details
Integration Tests / test-matrix (library, 3.12, agents) (push) Failing after 8s
Details
Integration Tests / test-matrix (library, 3.11, vector_io) (push) Failing after 9s
Details
Integration Tests / test-matrix (library, 3.11, inspect) (push) Failing after 8s
Details
Integration Tests / test-matrix (library, 3.12, post_training) (push) Failing after 7s
Details
Test External Providers / test-external-providers (venv) (push) Failing after 6s
Details
Integration Tests / test-matrix (library, 3.12, providers) (push) Failing after 10s
Details
Integration Tests / test-matrix (library, 3.12, vector_io) (push) Failing after 9s
Details
Unit Tests / unit-tests (3.11) (push) Failing after 8s
Details
Unit Tests / unit-tests (3.13) (push) Failing after 6s
Details
Unit Tests / unit-tests (3.12) (push) Failing after 1m17s
Details
Unit Tests / unit-tests (3.10) (push) Failing after 1m19s
Details
Pre-commit / pre-commit (push) Successful in 2m26s
Details

Browse source 
Though the jwks endpoint does not usually require authentication, it
does in a kubernetes cluster. While the cluster can be configured to
allow anonymous access to that endpoint, this avoids the need to do so.
This commit is contained in:
grs 2025-06-13 04:13:41 -04:00 committed by GitHub
parent ddaee42650
commit e2e15ebb6c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 99 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

50
tests/unit/server/test_auth.py
View file

@ -345,6 +345,56 @@ def test_invalid_oauth2_authentication(oauth2_client, invalid_token):
assert "Invalid JWT token" in response.json()["error"]["message"]
async def mock_auth_jwks_response(*args, **kwargs):
if "headers" not in kwargs or "Authorization" not in kwargs["headers"]:
return MockResponse(401, {})
authz = kwargs["headers"]["Authorization"]
if authz != "Bearer my-jwks-token":
return MockResponse(401, {})
return await mock_jwks_response(args, kwargs)
@pytest.fixture
def oauth2_app_with_jwks_token():
app = FastAPI()
auth_config = AuthenticationConfig(
provider_type=AuthProviderType.OAUTH2_TOKEN,
config={
"jwks": {
"uri": "http://mock-authz-service/token/introspect",
"key_recheck_period": "3600",
"token": "my-jwks-token",
},
"audience": "llama-stack",
},
)
app.add_middleware(AuthenticationMiddleware, auth_config=auth_config)
@app.get("/test")
def test_endpoint():
return {"message": "Authentication successful"}
return app
@pytest.fixture
def oauth2_client_with_jwks_token(oauth2_app_with_jwks_token):
return TestClient(oauth2_app_with_jwks_token)
@patch("httpx.AsyncClient.get", new=mock_auth_jwks_response)
def test_oauth2_with_jwks_token_expected(oauth2_client, jwt_token_valid):
response = oauth2_client.get("/test", headers={"Authorization": f"Bearer {jwt_token_valid}"})
assert response.status_code == 401
@patch("httpx.AsyncClient.get", new=mock_auth_jwks_response)
def test_oauth2_with_jwks_token_configured(oauth2_client_with_jwks_token, jwt_token_valid):
response = oauth2_client_with_jwks_token.get("/test", headers={"Authorization": f"Bearer {jwt_token_valid}"})
assert response.status_code == 200
assert response.json() == {"message": "Authentication successful"}
def test_get_attributes_from_claims():
claims = {
"sub": "my-user",