Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Auth token verification failure should not throw error immedicately #234

Merged
merged 1 commit into from
Jan 24, 2025
Merged

fix: Auth token verification failure should not throw error immedicately #234

merged 1 commit into from
Jan 24, 2025

Conversation

duwenxin99
Copy link
Contributor

Currently, we are throwing 401 error immediately after auth token verification failure. This is not expected in the following situations:

  1. Non-auth tool invocation with auth token that is invalid.
  2. Auth tool invocation with all the required auth token, but the header contains extra non-required token that is invalid
    These requests should pass the authorization check but fail under the current implementation.

Change made in this PR:

  1. Do not throw error immediately after auth token verification failure. Instead only log it and continue to the next header iteration.
  2. In the parseParams() method, if an auth parameter is missing, we should error with the message telling the user that either the auth header is missing or is invalid.

@duwenxin99 duwenxin99 requested a review from a team as a code owner January 24, 2025 08:46
@kurtisvg kurtisvg merged commit 4639cc6 into main Jan 24, 2025
8 checks passed
@kurtisvg kurtisvg deleted the oauth-bug branch January 24, 2025 15:49
@release-please release-please bot mentioned this pull request Jan 23, 2025
Merged
Yuan325 pushed a commit that referenced this pull request Feb 6, 2025
@release-please @kurtisvg
chore(main): release 0.1.0 (#217)
53158b0 
🤖 I have created a release *beep* *boop*
---


##
[0.1.0](v0.0.5...v0.1.0)
(2025-02-06)


### ⚠ BREAKING CHANGES

* **langchain-sdk:** The SDK for `toolbox-langchain` is now located
[here](https://github.com/googleapis/genai-toolbox-langchain-python).

### Features

* Add Cloud SQL for SQL Server Source and Tool
([#223](#223))
([9bad952](9bad952))
* Add Cloud SQL for MySQL Source and Tool
([#221](#221))
([f1f61d7](f1f61d7))
* Add Dgraph Source and Tool
([#233](#233))
([617cc87](617cc87))
* Add local quickstart
([#232](#232))
([497fb06](497fb06))
* Add user agents for cloud sources
([#244](#244))
([8452f8e](8452f8e))
* Add MySQL Source
([#250](#250))
([378692a](378692a))
* Add MSSQL source
([#255](#255))
([8fca0a9](8fca0a9))


### Bug Fixes

* Auth token verification failure should not throw error immediately
([#234](#234))
([4639cc6](4639cc6))
* Fix typo in postgres test
([#216](#216))
([0c3d12a](0c3d12a))
* **mssql:** Fix mssql tool kind to mssql-sql
([#249](#249))
([1357be2](1357be2))
* **mysql:** Fix mysql tool kind to mysql-sql
([#248](#248))
([669d6b7](669d6b7))
* Schema float type
([#264](#264))
([1702f74](1702f74))
* Typos at test cases
([#265](#265))
([b7c5661](b7c5661))
* Update README and quickstart with the correct async APIs.
([#269](#269))
([21eef2e](21eef2e))
* Update tool invoke to return json
([#266](#266))
([ad58cd5](ad58cd5))

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Kurtis Van Gent <31518063+kurtisvg@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anubhav756 anubhav756 anubhav756 approved these changes

@kurtisvg kurtisvg kurtisvg approved these changes

@twishabansal twishabansal Awaiting requested review from twishabansal

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@duwenxin99 @anubhav756 @kurtisvg