Implement the remaining items from docs/next-iteration-plan.md:
- Add POST /introspect endpoint (RFC 7662) with client authentication,
support for access and refresh tokens, and token_type_hint
- Add raw token lookup functions in storage for introspection
- Add revocation_endpoint and introspection_endpoint to discovery metadata
- Create docs/flows.md with end-to-end curl examples for all OIDC flows
- Create scripts/validate-oidc.sh to verify discovery, JWKS, registration,
introspection, and revocation endpoints
- Update docs/oidc-conformance.md to reflect actual implementation status
- Update README.md and CLAUDE.md pending sections to be accurate
https://claude.ai/code/session_01JBxVy75XfwwZB8iBXjTxT3
Replace all remaining references to "crabidp" with "barycenter" across:
- Source code (error diagnostics, CLI name, comments)
- Configuration files and defaults
- Environment variable prefixes (CRABIDP__ → BARYCENTER__)
- Documentation (CLAUDE.md, README.md, DEPLOYMENT.md)
- Deployment configurations (Docker Compose, Helm, systemd, FreeBSD, illumos)
- Database filenames (crabidp.db → barycenter.db)
Add Kubernetes Gateway API support to Helm chart:
- New HTTPRoute template for Gateway API
- Configurable parentRefs, hostnames, filters, and weights
- Support for advanced traffic management features
- Gateway API as modern alternative to traditional Ingress
- Documentation and examples in DEPLOYMENT.md
Benefits of Gateway API:
- More expressive and extensible routing
- Role-oriented design with separation of concerns
- Better vendor portability
- Advanced traffic management capabilities
The Helm chart now supports both traditional Ingress and
Gateway API, allowing users to choose based on their cluster
capabilities and requirements.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Problem:
- cargo test runs integration tests in parallel in the same process
- This causes port conflicts when multiple tests try to start servers
- CI tests were failing with "Server failed to start within timeout"
Solution:
- Switch to cargo-nextest which runs tests in separate processes
- This provides better test isolation and prevents port conflicts
Changes:
- CI: Install and use cargo-nextest instead of cargo test
- README.md: Document nextest usage with installation instructions
- CONTRIBUTING.md: Add prominent note about using nextest
- CLAUDE.md: Add critical reminder section about nextest requirement
Why nextest:
- Tests run in separate processes (no port conflicts)
- Better test isolation and reliability
- Cleaner output and better performance
- Industry best practice for Rust integration testing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Barycenter is an OpenID Connect Identity Provider (IdP) implementing
OAuth 2.0 Authorization Code flow with PKCE. Written in Rust using
axum, SeaORM, and josekit.
Features:
- Authorization Code flow with PKCE (S256)
- Dynamic client registration
- Token endpoint with multiple auth methods
- ID Token signing (RS256)
- UserInfo endpoint
- Discovery and JWKS publication
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
