
Conversation

@steve-calvert-glean
Contributor

Summary

  • Add OAuth authentication documentation to Go, Java, Python, and TypeScript API client pages
  • Each language includes prerequisites, required headers, and complete authorization code flow examples
  • Examples use idiomatic OAuth libraries for each language (golang.org/x/oauth2, Spring Security, Authlib, openid-client)

Test plan

  • Verify documentation builds successfully with pnpm build
  • Review code examples for accuracy and best practices
  • Confirm links to admin configuration pages are correct

🤖 Generated with Claude Code

…uages

Add comprehensive OAuth authentication documentation to all four API client
libraries (Go, Java, Python, TypeScript). Each includes:

- Prerequisites and admin configuration links
- Required headers table (Authorization, X-Glean-Auth-Type)
- Complete authorization code flow example using idiomatic libraries
- Token refresh tips for production use

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
steve-calvert-glean requested a review from a team as a code owner December 19, 2025 18:30
@vercel

vercel bot commented Dec 19, 2025

The latest updates on your projects.

Project: glean-developer-site | Deployment: Ready | Review: Preview, Comment | Updated (UTC): Dec 19, 2025 7:58pm

Address PR review feedback:

- TypeScript: Add PKCE (code_challenge, code_verifier) and state
  verification using openid-client v6 correct API
- Java: Fix Spring Security YAML structure with proper named
  registration/provider ("glean") and authorization-grant-type
- Go: Add cryptographic state generation and validation to prevent
  CSRF attacks (was using hardcoded "state")

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
	ClientID:     os.Getenv("OAUTH_CLIENT_ID"),
	ClientSecret: os.Getenv("OAUTH_CLIENT_SECRET"),
	RedirectURL:  "http://localhost:8080/callback",
	Scopes:       []string{"openid", "email"},


3/5 (strong opinion: non-blocking)

This should include offline_access to showcase getting a refresh token

Comment on lines 348 to 362
func handleLogin(w http.ResponseWriter, r *http.Request) {
	state, err := generateState()
	if err != nil {
		http.Error(w, "Failed to generate state", http.StatusInternalServerError)
		return
	}

	// Store state for CSRF validation
	stateMu.Lock()
	stateStore[state] = true
	stateMu.Unlock()

	url := oauthConfig.AuthCodeURL(state)
	http.Redirect(w, r, url, http.StatusTemporaryRedirect)
}


4/5 (serious issue: blocking)

Have we validated this code works? We're OAuth 2.1 so state is optional and not even recommended but PKCE is required.

That we're generating a state suggests we might be not generating a PKCE challenge.

- Go: Use correct Search.Query() with components.SearchRequest,
  add PKCE with oauth2.GenerateVerifier/S256ChallengeOption/VerifierOption
- Java: Add Spring Security PKCE config, use correct search().query() API
- Python: Add PKCE via code_challenge_method='S256', use models.SearchRequest
- TypeScript: Use correct search.query() API (not search.search())

All examples now use real SDK APIs verified from GitHub READMEs and include
proper PKCE implementation for secure OAuth flows.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
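The two review points above (a scope that yields a refresh token, and PKCE alongside a one-time state value) come together in the following added example. It is not code from this PR or from the Glean SDK docs: the PR's Go page uses the golang.org/x/oauth2 helpers named in the commit message (oauth2.GenerateVerifier, oauth2.S256ChallengeOption, oauth2.VerifierOption), whereas this example implements the same RFC 7636 steps with the standard library only, so it runs offline. The authorization endpoint (idp.example.com), client ID, redirect URI and the "demo-code" value returned in the callback are placeholders assumed for the example; the state store is an in-process map, which a multi-instance deployment would replace with a session-bound cookie or shared store.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
	"sync"
)

// Placeholder values assumed for this example; not Glean's real endpoint or client.
const (
	authURL     = "https://idp.example.com/oauth2/authorize"
	clientID    = "example-client-id"
	redirectURI = "http://localhost:8080/callback"
)

var scopes = []string{"openid", "email", "offline_access"} // offline_access requests a refresh token

// authStore keeps the PKCE verifier of each in-flight login, keyed by its state value.
type authStore struct {
	mu      sync.Mutex
	pending map[string]string // state -> code_verifier
}

// randomURLSafe returns n random bytes as unpadded base64url; a failing CSPRNG is fatal, so it panics.
func randomURLSafe(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// GenerateVerifier returns a PKCE code_verifier (RFC 7636 §4.1): 32 random bytes give 43 unreserved chars.
func GenerateVerifier() string { return randomURLSafe(32) }

// S256Challenge computes code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636 §4.2).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// BeginLogin mints a fresh state and verifier, remembers them, and returns the authorization URL.
// Only the challenge leaves the client at this step; the verifier stays in pending.
func (s *authStore) BeginLogin() string {
	state, verifier := randomURLSafe(16), GenerateVerifier()
	s.mu.Lock()
	s.pending[state] = verifier
	s.mu.Unlock()
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", strings.Join(scopes, " "))
	q.Set("state", state)
	q.Set("code_challenge", S256Challenge(verifier))
	q.Set("code_challenge_method", "S256")
	return authURL + "?" + q.Encode()
}

// HandleCallback takes the callback query (r.URL.Query() in a handler), consumes the state so a
// forged or replayed callback fails, and returns the token-endpoint form that carries the verifier.
func (s *authStore) HandleCallback(q url.Values) (url.Values, error) {
	state, code := q.Get("state"), q.Get("code")
	if state == "" || code == "" {
		return nil, fmt.Errorf("callback is missing state or code")
	}
	s.mu.Lock()
	verifier, ok := s.pending[state]
	delete(s.pending, state) // one-time use
	s.mu.Unlock()
	if !ok {
		return nil, fmt.Errorf("unknown or already-used state: possible CSRF or replay")
	}
	form := url.Values{}
	form.Set("grant_type", "authorization_code")
	form.Set("client_id", clientID)
	form.Set("code", code)
	form.Set("redirect_uri", redirectURI)
	form.Set("code_verifier", verifier)
	return form, nil
}

// VerifyChallenge is the server side of PKCE at the token endpoint: recompute S256 over the
// presented verifier and compare it to the challenge stored when the code was issued.
func VerifyChallenge(verifier, challenge string) bool {
	return subtle.ConstantTimeCompare([]byte(S256Challenge(verifier)), []byte(challenge)) == 1
}

func main() {
	store := &authStore{pending: map[string]string{}}
	redirect := store.BeginLogin()
	fmt.Println("redirect browser to:", redirect)
	// Constructed callback: the server echoes our state and appends an authorization code.
	sent, _ := url.Parse(redirect)
	form, err := store.HandleCallback(url.Values{"state": {sent.Query().Get("state")}, "code": {"demo-code"}})
	fmt.Println("token request body:", form.Encode(), "err:", err)
}
```

The token exchange itself (POST of the returned form to the token endpoint, then reading access_token and refresh_token from the JSON response) is left to the HTTP client; the point of the example is that the verifier never appears in the browser redirect, and that a callback whose state was not minted by this process, or was already consumed, is rejected before any code is exchanged.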

3 participants