fix: properly implement token exchange for discovery #2769
+1,229
−166
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Large PR Detected
This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.
How to unblock this PR:
Add a section to your PR description with the following format:
## Large PR Justification
[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformationAlternative:
Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.
See our Contributing Guidelines for more details.
This review will be automatically dismissed once you add the justification section.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2769 +/- ##
==========================================
- Coverage 56.48% 56.44% -0.05%
==========================================
Files 319 319
Lines 30943 31022 +79
==========================================
+ Hits 17479 17510 +31
- Misses 11960 12000 +40
- Partials 1504 1512 +8 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Copilot finished reviewing on behalf of
yrobla
November 27, 2025 16:37
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes token exchange for discovery mode in the Virtual MCP (vmcp) system by addressing configuration format issues and adding comprehensive end-to-end testing with mock servers deployed as Kubernetes resources.
Key Changes:
- Fixes vmcp configuration YAML format conversion to use a flat
token_cache.configstructure instead of separatememory/redissections, aligning with the YAML loader's expected format - Adds discovery logic for incoming OIDC configuration from backend MCPServers, enabling vMCP to authenticate to backends that require OIDC
- Implements comprehensive E2E tests with mock HTTP, OAuth token exchange, and OIDC servers deployed as Kubernetes pods to validate authentication flows
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| test/e2e/thv-operator/virtualmcp/virtualmcp_auth_discovery_test.go | Replaces simple httptest mock with Kubernetes-deployed mock servers (HTTP, OAuth, OIDC) for realistic E2E testing of auth discovery and token exchange flows |
| test/e2e/thv-operator/virtualmcp/helpers.go | Adds GetPodLogs helper function to retrieve logs from specific pods for debugging test failures |
| test/e2e/oidc_mock.go | Implements proper JWKS endpoint with RSA public key export and adds client_credentials grant type support |
| pkg/vmcp/workloads/k8s.go | Adds discoverIncomingOIDCConfig method to discover and populate OIDC configuration from backend MCPServers, enabling vMCP→backend authentication |
| pkg/vmcp/types.go | Adds IncomingOIDCConfig field to Backend and BackendTarget types for storing discovered OIDC configuration |
| pkg/vmcp/registry.go | Propagates IncomingOIDCConfig field when converting Backend to BackendTarget |
| cmd/thv-operator/controllers/virtualmcpserver_vmcpconfig.go | Implements convertToCLIFormat to transform Go config structs into vmcp CLI-compatible YAML format with flat token_cache.config structure |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
test/e2e/thv-operator/virtualmcp/virtualmcp_auth_discovery_test.go
Outdated
Show resolved
Hide resolved
test/e2e/thv-operator/virtualmcp/virtualmcp_auth_discovery_test.go
Outdated
Show resolved
Hide resolved
test/e2e/thv-operator/virtualmcp/virtualmcp_auth_discovery_test.go
Outdated
Show resolved
Hide resolved
github-actions
bot
added
size/XL
github-actions
bot
dismissed
their stale review
Large PR justification has been provided. Thank you!
Contributor
|
✅ Large PR justification has been provided. The size review has been dismissed and this PR can now proceed with normal review. |
github-actions
bot
added
size/XL
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
7c3263b to
68da4c9
Compare
github-actions
bot
added
size/XL
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
68da4c9 to
b3ff79c
Compare
github-actions
bot
added
size/XL
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
b3ff79c to
28615db
Compare
github-actions
bot
added
size/XL
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
28615db to
bfe83b2
Compare
github-actions
bot
added
size/XL
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
bfe83b2 to
5c6563b
Compare
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
5c6563b to
03e0d32
Compare
github-actions
bot
added
size/XL
jhrozek
reviewed
Nov 28, 2025
yrobla
force-pushed
the
fix/auth_discovery_test
branch
2 times, most recently
from
18a756b to
d0c5bf0
Compare
when using the discovered mode on vmcp, we discovered that it was not working for several problems. Add a fix and add proper testing to validate
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
d0c5bf0 to
47b3af7
Compare
github-actions
bot
added
size/XL
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
47b3af7 to
a27d766
Compare
github-actions
bot
added
size/XL
Copilot finished reviewing on behalf of
yrobla
November 28, 2025 15:53
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
a27d766 to
c7327cd
Compare
github-actions
bot
added
size/XL
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
c7327cd to
76eec1d
Compare
github-actions
bot
added
size/XL
yrobla
force-pushed
the
fix/auth_discovery_test
branch
from
76eec1d to
7cf6767
Compare
github-actions
bot
added
size/XL
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
when using the discovered mode on vmcp, we discovered that it was not working for several problems. Add a fix and add proper testing to validate
Large PR Justification
This is a complete fix of the feature, including unit tests. The fixes are atomic and need to come together to solve the issue