5.3.5 #650

Merged: zachmann merged 16 commits into master from prerel, Apr 8, 2026

@zachmann zachmann commented Apr 8, 2026

No description provided.

zachmann and others added 16 commits December 12, 2025 08:04
src/ipc/ipc.c:176:14: warning: conflicting types for ‘ipc_connect’ due to enum/integer mismatch; have ‘oidc_error_t(struct connection)’ {aka ‘enum _oidc_error(struct connection)’} [-Wenum-int-mismatch]
  176 | oidc_error_t ipc_connect(struct connection con) {
      |              ^~~~~~~~~~~
In file included from src/ipc/ipc.c:2:
src/ipc/ipc.h:24:5: note: previous declaration of ‘ipc_connect’ with type ‘int(struct connection)’
   24 | int ipc_connect(struct connection con);
      |     ^~~~~~~~~~~
src/oidc-agent/http/http_handler.c: In function ‘init’:
src/oidc-agent/http/http_handler.c:69:3: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning]
   69 |   curl_easy_setopt(curl, CURLOPT_TIMEOUT, AGENT_CURL_TIMEOUT);
      |   ^
src/oidc-agent/http/http_handler.c:70:3: warning: call to ‘_curl_easy_setopt_err_long’ declared with attribute warning: curl_easy_setopt expects a long argument [-Wattribute-warning]
   70 |   curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, AGENT_CURL_CONNECT_TIMEOUT);
      |   ^
src/oidc-agent/http/http_handler.c: In function ‘setWriteFunction’:
src/oidc-agent/http/http_handler.c:103:3: warning: call to ‘_curl_easy_setopt_err_write_callback’ declared with attribute warning: curl_easy_setopt expects a curl_write_callback argument [-Wattribute-warning]
  103 |   curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
      |   ^
…files-do-not-exist

add `log_error` parameter to file I/O functions to control error logg…
Add a new --trace-http FILE option to oidc-agent that writes all HTTP
traffic with OpenID Providers to a user-specified file using curl's
debug callback. The trace includes full request/response headers and
bodies, TLS info, and per-request timing. This enables diagnosing
issues like scope negotiation failures without needing external tools.
Also improve error diagnostics:
- Include the OP endpoint URL in token error messages so users can
  distinguish OP-side errors from oidc-agent-side errors
- Log scope mismatches at NOTICE level when the OP returns different
  scopes than requested
- Add per-request timing (CURLINFO_TOTAL_TIME) to DEBUG log output
- Fix DELETE requests being logged as "Https GET"
Closes #623
…e error message

Add GID 0 (root group) to the trusted GID list, mirroring the existing
implicit trust of UID 0. This fixes the issue where directories like /tmp
owned by root:root with group-writable + sticky bit permissions were
incorrectly flagged as untrusted. Fixes #603.

Also make the OIDC_EPERM error message include the actual path that failed
the trust check, giving users actionable diagnostic information instead of
just 'socket path location is not trustworthy'.
fix socket path trust check failing on root-owned directories; improv…
In the auto-gen path (handleAutoGen), when scope=max is used and the
public client has no scope field in its issuer config, fall back to
fetching scopes_supported from the OP's discovery endpoint instead of
passing NULL to account_setAuthScope.

In the interactive oidc-gen prompt, filter the default scopes (openid
profile offline_access) against the OP's supported scopes so that the
pre-filled suggestion only contains scopes the OP actually supports.
fix scope resolution for public clients without configured scopes (#622)
@zachmann zachmann merged commit 3947fae into master Apr 8, 2026
7 checks passed
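
The socket-directory trust check described in the commit message above (a root:root directory such as /tmp with group-writable and sticky bits), as an added example that is not oidc-agent's code. The policy itself, the names `dir_trusted`, `check_socket_dir` and `sample_dir`, the `trust_root_gid` switch and the exact error wording are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy, not oidc-agent's source: a directory is trusted when it is
 * owned by root or the caller, group-writable only for a trusted group, and
 * world-writable only with the sticky bit. trust_root_gid toggles the change
 * described in the commit message (GID 0 implicitly trusted, like UID 0). */
bool dir_trusted(const struct stat* st, uid_t self, const gid_t* gids,
                 size_t n, bool trust_root_gid) {
  if (!S_ISDIR(st->st_mode)) return false;
  if (st->st_uid != 0 && st->st_uid != self) return false;
  if ((st->st_mode & S_IWOTH) && !(st->st_mode & S_ISVTX)) return false;
  if (st->st_mode & S_IWGRP) {
    bool ok = trust_root_gid && st->st_gid == 0;
    for (size_t i = 0; !ok && i < n; i++) ok = (gids[i] == st->st_gid);
    if (!ok) return false;
  }
  return true;
}

/* Hypothetical wrapper: on failure the message names the rejected path. */
bool check_socket_dir(const char* dir, uid_t self, const gid_t* gids,
                      size_t n, char* err, size_t errlen) {
  struct stat st;
  if (stat(dir, &st) == 0 && dir_trusted(&st, self, gids, n, true)) return true;
  snprintf(err, errlen, "socket path location '%s' is not trustworthy", dir);
  return false;
}

/* Constructed sample input: stat data for a directory that need not exist. */
struct stat sample_dir(mode_t perms, uid_t uid, gid_t gid) {
  struct stat st;
  memset(&st, 0, sizeof st);
  st.st_mode = S_IFDIR | perms;
  st.st_uid = uid; st.st_gid = gid;
  return st;
}

int main(int argc, char** argv) {
  char err[512];
  const char* dir = argc > 1 ? argv[1] : "/tmp";
  bool ok = check_socket_dir(dir, getuid(), NULL, 0, err, sizeof err);
  puts(ok ? "trusted" : err);
  return ok ? 0 : 1;
}
```

With `trust_root_gid` set to false, `sample_dir(01777, 0, 0)` is rejected purely because of its group-write bit, which is the false positive the commit message describes.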