~bigbes/lethe

34867fba4a37a882c2190e4af137984a56e26d98 — Eugene Blikh a month ago 05f80f3
docs(lethe-oidc-stub): record review pass + conclusion
1 files changed, 19 insertions(+), 0 deletions(-)

M docs/tasks/lethe-oidc-stub.md
M docs/tasks/lethe-oidc-stub.md => docs/tasks/lethe-oidc-stub.md +19 -0
@@ 257,6 257,25 @@ Rollback per phase: each commit is independently revertable. PH3 alone reverts c

## Conclusion

Outcome: oidcstub lifted to `internal/testutil/oidcstub/` and wired into the daemon as an opt-in dev OP under `auth.oidc.dev_stub`; verify-driven fix-up corrected a pre-existing latent steward injection bug in `OIDCVerifier`. HEAD `05f80f3`.

Invariants:
- IV1 — `internal/testutil/oidcstub/oidcstub.go` imports stdlib + `go.bigb.es/auxilia/culpa` only.
- IV2 — `OIDCDevStub` registers ahead of `OIDCVerifier` in `cmd/lethe/main.go:134-143`; `TestOIDCDevStub_InitStartsListener_TokenVerifies` and live smoke both confirm verifier discovery resolves.
- IV3 — `TestOIDCDevStub_DisabledIsNoop` covers default-disabled no-listener path; `cmd/lethe/main.go:134` registers the asset only when both flags are true.
- IV4 — `OIDCDevStub` reads from `Cfg.OIDC.{Issuer,Audience,UsernameClaim}` and constructs `oidcstub.New(...)` with the same values; smoke proved verifier accepts stub-minted tokens.
- IV5 — `internal/server/auth/middleware_test.go` retains all 22 OIDC + forward-auth cases passing post-refactor.

### Assumptions check

- AS1 — held. Gate is config-only; operator must explicitly set `auth.oidc.dev_stub.enabled: true` in YAML.
- AS2 — held. `coreos/go-oidc/v3` accepted `http://127.0.0.1:8191` in live smoke.
- AS3 — held. `rsa.GenerateKey(rand.Reader, 2048)` is called inside `New` at `oidcstub.go:66`; tokens from a previous run stop verifying after restart by design.

### Unknowns outcome

- UK1 — resolved: `/dev/token` accepts only `?sub=` + `?exp=`. No additional claim overrides shipped; the banner + endpoint cover every observed need in execute and verify, and the API can extend additively if a real edge case surfaces.

### Deviations from plan

- PH1 — added `Stub.Issuer() string` getter beyond the planned `SetIssuer`. **Why:** `middleware_test.go` builds `config.OIDCConfig{Issuer: ...}` after `httptest.NewServer` returns, and needs to read the value back from the stub. Read-only; no mutable-state concern.
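Review bot: IV3 states the asset is registered "only when both flags are true", but AS1 describes the gate as a single config key (`auth.oidc.dev_stub.enabled: true`); name the second flag in IV3, or reword it to the one gate, so the invariant and the assumption agree, since this is the line a reader will check to confirm the dev OP cannot come up outside an explicitly opted-in configuration. The Outcome line records that a "pre-existing latent steward injection bug in `OIDCVerifier`" was corrected but not what the bug was or which of the 22 `middleware_test.go` cases now exercises it; one sentence describing the defect plus the covering test name would make that fix auditable from this doc rather than from the commit history. Minor: `cmd/lethe/main.go:134-143` and `oidcstub.go:66` are line-number references that will drift on the next edit; citing the registering function and `New` by name would keep IV2, IV3 and AS3 accurate.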