Skip to content

Adapt editor extension to Hub OIDC Provider #1360

Open
Open
Adapt editor extension to Hub OIDC Provider#1360
@djzager

Description

@djzager
djzager
opened on Apr 23, 2026

Adapt editor extension to Hub OIDC Provider (0.10)

The Hub OIDC Provider enhancement eliminates Keycloak and changes how tools authenticate with Hub. This tracking issue captures the editor extension work needed to adapt.

Work Items

  • PAT-based authentication: Replace short-lived JWT token flow with PAT acquisition. Hub tools authenticate by POST to a new endpoint that returns a PAT instead of a JWT.
  • LLM Proxy integration: LLM Proxy will no longer perform token auth directly — it moves behind hub /services endpoint with auth delegated to hub. Update proxy URL configuration and auth headers accordingly.
  • Agent subprocess credentials: PATs are long-lived, eliminating the credential refresh problem (Agent subprocess credentials expire with no way to refresh them #1334). Remove or simplify the credential file sidecar pattern if PATs have sufficient lifetime.
  • Centralized config: Ensure the configuration dialog and hub connection flow work with the new OIDC endpoints (discovery, authorization, token).
  • Testing: E2E tests for hub-connected workflows with the new auth model.

Dependencies

Context

Closes the gap identified in #1321 and resolves #1334.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions