Skip to content

🐛 fix(oci): parse Bearer parameters#232

Merged
gaborbernat merged 1 commit into
tox-dev:mainfrom
gaborbernat:fix/oci-bearer-challenge
Jul 13, 2026
Merged

🐛 fix(oci): parse Bearer parameters#232
gaborbernat merged 1 commit into
tox-dev:mainfrom
gaborbernat:fix/oci-bearer-challenge

Conversation

@gaborbernat

@gaborbernat gaborbernat commented Jul 13, 2026

Copy link
Copy Markdown
Member

Peryx split commas inside quoted values as parameter separators, which truncated realm URLs. It dropped mixed-case fields and forwarded quoted-pair escapes to the token server. This closes #224.

Peryx now scans each challenge once under RFC 9110, parses token and quoted-string values, then decodes quoted pairs. Parameter names use ASCII-insensitive comparisons. url::Url preserves existing realm query parameters before Peryx adds scope and service.

@gaborbernat gaborbernat added bug Something isn't working priority:P1 Protocol parity or important product gap type:bug Incorrect behavior or missing validation area:upstream Upstream client, parsing, and downloads area:auth Authentication, authorization, tokens, and credentials area:api HTTP API, OpenAPI, discovery, and legacy API surfaces labels Jul 13, 2026
@gaborbernat gaborbernat self-assigned this Jul 13, 2026
@read-the-docs-community

read-the-docs-community Bot commented Jul 13, 2026

Copy link
Copy Markdown

@codspeed-hq

codspeed-hq Bot commented Jul 13, 2026

Copy link
Copy Markdown

Merging this PR will not alter performance

✅ 30 untouched benchmarks
⏩ 91 skipped benchmarks1


Comparing gaborbernat:fix/oci-bearer-challenge (2db4069) with main (019049d)

Open in CodSpeed

Footnotes

  1. 91 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

Peryx failed OCI token exchange when registries sent quoted commas or mixed-case
authentication parameter names. It also forwarded backslash escapes verbatim.

Peryx parses authentication parameters in one pass under RFC 9110. It preserves
existing realm queries with `url::Url` when appending token request parameters.

Fixes tox-dev#224
@gaborbernat gaborbernat force-pushed the fix/oci-bearer-challenge branch from fe94e4c to 2db4069 Compare July 13, 2026 20:46
@gaborbernat gaborbernat marked this pull request as ready for review July 13, 2026 21:25
@gaborbernat gaborbernat merged commit d84adbd into tox-dev:main Jul 13, 2026
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:api HTTP API, OpenAPI, discovery, and legacy API surfaces area:auth Authentication, authorization, tokens, and credentials area:upstream Upstream client, parsing, and downloads bug Something isn't working priority:P1 Protocol parity or important product gap type:bug Incorrect behavior or missing validation

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix(oci): parse Bearer challenge parameters

1 participant