Skip to content

Fix silent credential injection failures by returning 502 on error#13

Merged
bbrowning merged 1 commit intomainfrom
502-on-credential-inject-failure
Apr 2, 2026
Merged

Fix silent credential injection failures by returning 502 on error#13
bbrowning merged 1 commit intomainfrom
502-on-credential-inject-failure

Conversation

@bbrowning
Copy link
Copy Markdown
Owner

@bbrowning bbrowning commented Apr 2, 2026

When GCloudInjector.Inject() failed (token refresh, init, invalid token),
InjectCredentials() still logged CREDENTIAL_INJECT and forwarded the request
with the dummy "paude-proxy-managed" token, causing confusing 401s from GCP.

Now Inject() returns bool, InjectCredentials() returns (matched, injected),
and the proxy returns 502 Bad Gateway when injection fails instead of
forwarding with dummy credentials.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

@bbrowning @claude
Fix silent credential injection failures by returning 502 on error
c64af94 
When GCloudInjector.Inject() failed (token refresh, init, invalid token),
InjectCredentials() still logged CREDENTIAL_INJECT and forwarded the request
with the dummy "paude-proxy-managed" token, causing confusing 401s from GCP.

Now Inject() returns bool, InjectCredentials() returns (matched, injected),
and the proxy returns 502 Bad Gateway when injection fails instead of
forwarding with dummy credentials.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@bbrowning bbrowning merged commit c2be1d0 into main Apr 2, 2026
6 checks passed
@bbrowning bbrowning deleted the 502-on-credential-inject-failure branch April 2, 2026 13:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bbrowning