backstage/.github
Ben Lambert 29d398b57c fix(auth-backend): harden default allowed patterns for CIMD and DCR (#34260)
* fix(auth-backend): harden default allowed patterns for CIMD and DCR

Signed-off-by: benjdlambert <ben@blam.sh>

* address PR review feedback for OIDC defaults

- narrow CLI client ID pattern to exact cli.json path
- add BREAKING prefix to changeset
- add IPv6 [::1] to docs examples
- add loopback redirect URI tests for IPv6 and 127.0.0.1

Signed-off-by: benjdlambert <ben@blam.sh>

* remove dead ['*'] fallback when features are disabled

The restrictive defaults are now always used regardless of the enabled
flag, since the patterns are only consulted on code paths that require
the feature to be enabled.

Signed-off-by: benjdlambert <ben@blam.sh>

* add default pattern tests and fix docs cli example

Signed-off-by: benjdlambert <ben@blam.sh>

* use URL constructor for CLI client ID

Signed-off-by: benjdlambert <ben@blam.sh>

* use string templating for cliClientId to match OidcRouter

Signed-off-by: benjdlambert <ben@blam.sh>

* fix docs: remove misleading CLI client_id URL example

Signed-off-by: benjdlambert <ben@blam.sh>

---------

Signed-off-by: benjdlambert <ben@blam.sh>
2026-05-19 09:45:31 +02:00