Copilot commented on code in PR #1441:
URL: https://github.com/apache/pulsar-client-go/pull/1441#discussion_r2565125101
##########
oauth2/client_credentials_flow.go:
##########
@@ -47,29 +46,24 @@ type ClientCredentialsExchanger interface {
ExchangeClientCredentials(req ClientCredentialsExchangeRequest)
(*TokenResult, error)
}
+// GrantProvider abstracts the creation of authorization grants from
credentials
+type GrantProvider interface {
+ GetGrant(audience string, options *ClientCredentialsFlowOptions)
(*AuthorizationGrant, error)
+}
+
type ClientCredentialsFlowOptions struct {
KeyFile string
AdditionalScopes []string
}
-func newClientCredentialsFlow(
- options ClientCredentialsFlowOptions,
- keyfile *KeyFile,
- oidcWellKnownEndpoints OIDCWellKnownEndpoints,
- exchanger ClientCredentialsExchanger,
- clock clock.Clock) *ClientCredentialsFlow {
- return &ClientCredentialsFlow{
- options: options,
- oidcWellKnownEndpoints: oidcWellKnownEndpoints,
- keyfile: keyfile,
- exchanger: exchanger,
- clock: clock,
- }
+// DefaultGrantProvider provides authorization grants by loading credentials
from a key file
+type DefaultGrantProvider struct {
}
-// NewDefaultClientCredentialsFlow provides an easy way to build up a default
-// client credentials flow with all the correct configuration.
-func NewDefaultClientCredentialsFlow(options ClientCredentialsFlowOptions)
(*ClientCredentialsFlow, error) {
+// GetGrant creates an authorization grant by loading credentials from the key
file and
+// merging the scopes from both the options and the key file configuration
+func (p *DefaultGrantProvider) GetGrant(audience string, options
*ClientCredentialsFlowOptions) (
+ *AuthorizationGrant, error) {
Review Comment:
The function `GetGrant` doesn't validate that the `options` parameter is
non-nil before dereferencing it at line 67 (`options.KeyFile`). While current
callers always pass a valid pointer, since both `GrantProvider` and
`DefaultGrantProvider` are exported, external code could call this with nil,
causing a panic.
Consider adding a nil check:
```go
func (p *DefaultGrantProvider) GetGrant(audience string, options
*ClientCredentialsFlowOptions) (
*AuthorizationGrant, error) {
if options == nil {
return nil, errors.New("options cannot be nil")
}
// ... rest of the function
}
```
```suggestion
*AuthorizationGrant, error) {
if options == nil {
return nil, errors.New("options cannot be nil")
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
