From ded90e5dc1c3ed16a9c5c262fcf19ea9828603bd Mon Sep 17 00:00:00 2001
From: Lukasz Raczylo <lukasz@raczylo.com>
Date: Tue, 19 May 2026 13:19:20 +0100
Subject: [PATCH] feat(lib): add (*TraefikOidc).Ready() metadata-discovery
 readiness accessor

---
 ready.go      | 11 +++++++++++
 ready_test.go | 20 ++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 ready.go
 create mode 100644 ready_test.go

diff --git a/ready.go b/ready.go
new file mode 100644
index 0000000..b1747c7
--- /dev/null
+++ b/ready.go
@@ -0,0 +1,11 @@
+package traefikoidc
+
+// Ready reports whether the middleware has completed at least one successful
+// OIDC provider metadata discovery. Used by external supervisors (e.g. the
+// oidcgate /readyz endpoint) to gate traffic until the IdP discovery doc
+// has been fetched and the authorization endpoint is known.
+func (t *TraefikOidc) Ready() bool {
+	t.metadataMu.RLock()
+	defer t.metadataMu.RUnlock()
+	return t.authURL != ""
+}
diff --git a/ready_test.go b/ready_test.go
new file mode 100644
index 0000000..3ebdf7f
--- /dev/null
+++ b/ready_test.go
@@ -0,0 +1,20 @@
+package traefikoidc
+
+import "testing"
+
+func TestReady_FalseBeforeMetadata(t *testing.T) {
+	tr := &TraefikOidc{}
+	if tr.Ready() {
+		t.Fatal("Ready() should be false before metadata discovery")
+	}
+}
+
+func TestReady_TrueAfterAuthURLSet(t *testing.T) {
+	tr := &TraefikOidc{}
+	tr.metadataMu.Lock()
+	tr.authURL = "https://idp.example/authorize"
+	tr.metadataMu.Unlock()
+	if !tr.Ready() {
+		t.Fatal("Ready() should be true once authURL is populated")
+	}
+}