feat: allow narrowing bearer token scopes #333
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3b298c21f4
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| .object({ | ||
| access_token: z.string().min(1), | ||
| token_type: z.literal('Bearer').optional(), | ||
| expires_in: z.number(), |
There was a problem hiding this comment.
expires_in
The new success schema now requires expires_in on every 200 /token response, whereas the prior implementation only required access_token; this introduces a regression where a valid token response that omits expires_in is now treated as an error (Token response did not include an access_token.), causing both transloadit auth token and Transloadit.mintBearerToken() to fail despite successful authentication.
Useful? React with 👍 / 👎.
1 participant
Adds
--scopetotransloadit auth tokenand a programmaticTransloadit.mintBearerToken({ scope })API so hosted MCP tokens can be minted with reduced blast radius.Notes:
--scopeaccepts comma/space-separated scopes and normalizes to a stable space-separated string.@transloadit/mcp-server(one-way coupling guard).