Auth Updates for CWMS-CLI Login by krowvin · Pull Request #1680 · USACE/cwms-data-api

krowvin · 2026-04-08T04:54:17Z

Alters CDA published OpenID Connect metadata and improves local OIDC test coverage

Changes:

remove the invalid HTTP auth scheme("openid") from the oIdConnect security scheme so Swagger publishes a correct oIdConnectUrl
add a focused test for openID security scheme
add debug logging for JWT validation failures to expose the underlying claim/signature issue during local auth setup
update local compose seed data so m5hectest has TS ID Creator in SWT, matching the documented/test write-user expectations

Used this in testing

krowvin requested a review from MikeNeilson April 8, 2026 04:54

krowvin added 3 commits April 8, 2026 07:17

openidconnect security scheme swagger/openapi fix + test

9d04625

Add FINE logging to help identify issuer mismatches

be4b8e3

Add SWT to users seed, keycloak has SWT user

96b270d

MikeNeilson force-pushed the cwms-cli-login branch from 0b52ca6 to 96b270d Compare April 8, 2026 14:17

MikeNeilson approved these changes Apr 8, 2026

View reviewed changes

krowvin merged commit 20e6a67 into develop Apr 8, 2026
8 of 10 checks passed

krowvin deleted the cwms-cli-login branch April 8, 2026 15:17

Provide feedback