…e functions to agents.md
…rue to avoid 'false positives' for x = y readability formatting
…regular assignments
…on-session-broker
Pull request overview
This PR introduces a secure authentication session acquisition mechanism through the ExecutionContext, enabling providers to request authenticated sessions via a host-supplied broker without implementing their own authentication flows.
Changes:
- Added `Context.AcquireAuthSession(Name, Options)` method to ExecutionContext with security boundaries (ScriptBlock rejection, option normalization, CorrelationId/Actor enrichment)
- Implemented fail-fast validation to ensure AuthSessionBroker is present when AcquireAuthSession steps are used
- Added backwards-compatible Context parameter injection (only passed to handlers that support it)
- Enhanced redaction boundaries to prevent AuthSessionBroker secrets and methods from leaking through execution results
- Updated documentation across extensibility, providers/contracts, and events/observability guides
Reviewed changes
Copilot reviewed 12 out of 20 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/IdLE.Core/Public/Invoke-IdlePlanObject.ps1 | Core implementation: AcquireAuthSession method, security validation, backwards-compatible Context injection |
| tests/Invoke-IdlePlan.Tests.ps1 | Test coverage for broker acquisition, option normalization, ScriptBlock rejection, missing broker scenarios |
| tests/Redaction.Boundaries.Tests.ps1 | Security test ensuring AuthSessionBroker secrets are redacted and methods don't leak in execution results |
| docs/reference/providers-and-contracts.md | Documentation of AuthSessionBroker contract and execution context injection |
| docs/reference/events-and-observability.md | Security guidelines for events and auth session acquisition |
| docs/advanced/extensibility.md | Provider guidance for auth session acquisition pattern |
| STYLEGUIDE.md | Updated reference from AcquireSession to AcquireAuthSession |
| PSScriptAnalyzerSettings.psd1 | Formatting rule adjustment for hash table alignment |
| .gitattributes | Added HTML file line ending configuration |
| tools/Generate-IdleStepReference.ps1 | Removed unused timestamp variable |
| tools/Generate-IdleCmdletReference.ps1 | Removed unused timestamp variable |
| Multiple files | Whitespace alignment formatting fixes |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9b655c572c
… function to avoid duplication
…broker' of https://github.com/blindzero/IdentityLifecycleEngine into issues/77-architecture-provider-authentication-session-broker
…comma behaviour (@...) would not prevent enumeration
Pull request overview
Copilot reviewed 13 out of 23 changed files in this pull request and generated 1 comment.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…ehaviour (@...) would not prevent enumeration
…broker' of https://github.com/blindzero/IdentityLifecycleEngine into issues/77-architecture-provider-authentication-session-broker
Pull request overview
Copilot reviewed 13 out of 24 changed files in this pull request and generated 3 comments.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 13 out of 24 changed files in this pull request and generated 2 comments.
@blindzero I've opened a new pull request, #82, to work on those changes. Once the pull request is ready, I'll request review from you.
…ext parameter Co-authored-by: blindzero <13959569+blindzero@users.noreply.github.com>
test: add backwards compatibility test for step handlers without Context parameter
Pull request overview
Copilot reviewed 15 out of 26 changed files in this pull request and generated 2 comments.
Summary
This PR introduces the AuthSessionBroker execution-time contract and integrates it into the execution context, including security boundaries and backwards-compatible step invocation.
Type of Change
Changes
Notes on non-functional commits
Includes minor formatting/config tweaks for line endings and ScriptAnalyzer rule handling to keep CI clean.
Testing
Related Issues
Closes #77
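
A sketch of the `AcquireAuthSession` boundary summarized in the review overview and PR description above (missing-broker check, ScriptBlock rejection, option normalization, CorrelationId/Actor enrichment). It is an added illustration, not code from this PR or from IdLE: `Test-ContainsScriptBlock`, `New-DemoExecutionContext`, the broker's method name and all sample values are assumptions.

```powershell
# Added illustration. Only AcquireAuthSession(Name, Options) and AuthSessionBroker are
# named on the page; every other name and value here is hypothetical or constructed.
function Test-ContainsScriptBlock {
    param($Value)
    if ($Value -is [scriptblock]) { return $true }
    if ($Value -is [System.Collections.IDictionary]) {
        # GetEnumerator() avoids dot access such as .Values, which a key of that name can shadow.
        foreach ($entry in $Value.GetEnumerator()) {
            if (Test-ContainsScriptBlock $entry.Value) { return $true }
        }
        return $false
    }
    if ($Value -is [System.Collections.IEnumerable] -and $Value -isnot [string]) {
        foreach ($item in $Value) {
            if (Test-ContainsScriptBlock $item) { return $true }
        }
    }
    return $false
}

function New-DemoExecutionContext {
    param([hashtable] $Providers = @{}, [string] $CorrelationId, [string] $Actor)
    $ctx = [pscustomobject]@{ Providers = $Providers; CorrelationId = $CorrelationId; Actor = $Actor }
    $ctx | Add-Member -MemberType ScriptMethod -Name AcquireAuthSession -Value {
        param([string] $Name, $Options)
        $broker = $this.Providers['AuthSessionBroker']
        if ($null -eq $broker) { throw 'No AuthSessionBroker was supplied by the host.' }
        if ($null -eq $Options) { $Options = @{} }
        if ($Options -isnot [hashtable]) { throw 'Options must be a hashtable or $null.' }
        if (Test-ContainsScriptBlock $Options) { throw 'Options must be data-only: ScriptBlock found.' }
        # Work on a copy and set host-owned fields last (assumption: they win over caller input).
        $normalized = $Options.Clone()
        $normalized['CorrelationId'] = $this.CorrelationId
        $normalized['Actor'] = $this.Actor
        return $broker.AcquireAuthSession($Name, $normalized)
    }
    return $ctx
}

# Constructed host-side broker stub; the broker's method name is an assumption.
$broker = [pscustomobject]@{}
$broker | Add-Member -MemberType ScriptMethod -Name AcquireAuthSession -Value {
    param($Name, $Options)
    [pscustomobject]@{ Name = $Name; CorrelationId = $Options['CorrelationId']; Actor = $Options['Actor'] }
}
$ctx = New-DemoExecutionContext -Providers @{ AuthSessionBroker = $broker } -CorrelationId 'demo-corr-1' -Actor 'demo-operator'
$ctx.AcquireAuthSession('DemoDirectory', @{ Role = 'Tier0' })
try { $ctx.AcquireAuthSession('DemoDirectory', @{ Nested = @{ Hook = { 'x' } } }) }
catch { "Rejected: $($_.Exception.Message)" }
```

The walker inspects hashtables and lists only; a production check would also need a rule for other object types that can carry a ScriptBlock in a property.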