Ole-Morten Duesund 006d5c1448 feat(forgejo): upstream OAuth client (forgejo-mcp-broker-b9i) ... Adds internal/forgejo: a stateless OAuth 2.1 client for upstream Forgejo. Covers what the broker AS needs: - AuthorizeURL: builds the user-agent redirect to /login/oauth/authorize - ExchangeCode: code → access+refresh tokens (PKCE verifier included) - Refresh: refresh_token grant (Forgejo rotates the refresh token) - FetchUserInfo: OIDC userinfo claims (sub, preferred_username, etc.) OAuth errors come back as a structured *forgejo.Error so the AS can distinguish "user must re-authenticate" (invalid_grant) from "transient network problem" via errors.As. Forgejo doesn't currently expose a token revocation endpoint, so revocation lives in the broker's own store — upstream tokens expire naturally. Defaults: - 30s HTTP timeout (Forgejo OAuth is sub-second when healthy) - User-Agent "fjmcp-broker" if not overridden - 64 KiB cap on response bodies (these endpoints return ~kilobytes) Tests: 95.1% coverage. httptest.Server fake Forgejo exercises every public method, every error shape (OAuth-formatted, plain {"message":...}, malformed JSON, missing required fields, network failure), and verifies form params hit the wire as expected. Closes forgejo-mcp-broker-b9i. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-04-27 13:31:19 +02:00
..
buildinfo	feat: bootstrap Go project layout (forgejo-mcp-broker-n84)	2026-04-24 16:54:27 +02:00
config	feat(config): flag + env parsing with validation (forgejo-mcp-broker-9nq)	2026-04-24 17:10:18 +02:00
forgejo	feat(forgejo): upstream OAuth client (forgejo-mcp-broker-b9i)	2026-04-27 13:31:19 +02:00
httpserver	feat(httpserver,log): /healthz, graceful shutdown, slog constructor	2026-04-24 17:26:32 +02:00
log	feat(httpserver,log): /healthz, graceful shutdown, slog constructor	2026-04-24 17:26:32 +02:00
store	feat(store): OAuth tables migration (forgejo-mcp-broker-cpb)	2026-04-27 13:28:12 +02:00