go-sdk icon indicating copy to clipboard operation
go-sdk copied to clipboard
verified publisher icon openfga

Credentials are ignored when custom HTTPClient is provided

Open rhamzeh opened this issue 4 months ago • 1 comments

Checklist

  • [x] I have looked into the README and have not found a suitable solution or answer.
  • [x] I have looked into the documentation and have not found a suitable solution or answer.
  • [x] I have searched the issues and have not found a suitable solution or answer.
  • [x] I have upgraded to the latest version of OpenFGA and the issue still persists.
  • [x] I have searched the Slack community and have not found a suitable solution or answer.
  • [x] I agree to the terms within the OpenFGA Code of Conduct.

Description

  • Credentials are only processed when cfg.HTTPClient == nil
  • No way to combine custom transport settings with authentication

Expectation

  • Credentials should always be processed when provided
  • When both HTTPClient and Credentials are provided, both should be honored if possible - if not an error should be thrown on initialization to warn the user

Reproduction

  1. Make sure you have OpenFGA running on localhost port 8080
docker run -p 8080:8080  docker.io/openfga/openfga:latest run
  1. Configure the Client with both httpClient and credentials and call any random method
package main

import (
	"context"
	"fmt"
	"net/http"

	"github.com/openfga/go-sdk/client"
	"github.com/openfga/go-sdk/credentials"
)

func main() {
	fgaClient, err := client.NewSdkClient(&client.ClientConfiguration{
		ApiUrl: "http://localhost:8080",
		Credentials: &credentials.Credentials{
			Method: credentials.CredentialsMethodClientCredentials,
			Config: &credentials.Config{
				ClientCredentialsClientId:       "some-client-id",
				ClientCredentialsClientSecret:   "some-client-secret",
				ClientCredentialsApiAudience:    "https://api.fga.example/",
				ClientCredentialsApiTokenIssuer: "issuer.fga.example",
			},
		},
		HTTPClient: &http.Client{},
	})
	if err != nil {
		panic(err)
	}

	body := client.ClientCreateStoreRequest{Name: "FGA Demo"}
	store, err := fgaClient.CreateStore(context.Background()).Body(body).Execute()
	if err != nil {
		panic(err)
	}

	// Note: This should not be created, as the token exchange should have failed (as issuer.fga.example is non-existent)
	fmt.Println("Created store with ID:", store.Id)
}

OpenFGA SDK version

v0.7.1

OpenFGA version

N/A

SDK Configuration

See reproduction

Logs

No response

References

Relevant part of the code with the bug: https://github.com/openfga/go-sdk/blob/main/api_client.go#L72-L88

rhamzeh avatar Sep 15 '25 12:09 rhamzeh

Hey @rhamzeh , I would like to take up this issue. Can you assign it to me?

AltuisticIsopod avatar Oct 23 '25 18:10 AltuisticIsopod