feat(auth): OIDC phase 3 — authorization-code callback route
- oidc/OidcCallback.tsx: standalone page that exchanges code+state via completeAuthorizationCodeGrant (SDK validates state = CSRF), derives user_id/device_id from the new access token via whoami(), persists the OIDC session (refresh token + expiry + issuer/clientId/redirectUri/idTokenClaims), then full-page-reloads at the app root. Minimal UI (no Overlay/portal) so it needs no app providers. - App.tsx: short-circuit — render OidcCallback before the RouterProvider when the path is the OIDC callback (redirect_uris can't contain a fragment, so it must live outside the hash router). The nginx SPA catch-all already serves index.html for it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -28,6 +28,8 @@ import { useTauriNotificationBadge } from '../hooks/useTauriNotificationBadge';
|
||||
import { SeasonalEffect } from '../components/seasonal/SeasonalEffect';
|
||||
import { applyCustomAccent, removeCustomAccent } from '../utils/accentColor';
|
||||
import { zIndices } from '../styles/zIndex';
|
||||
import { OIDC_CALLBACK_PATH } from './paths';
|
||||
import { OidcCallback } from './auth/oidc/OidcCallback';
|
||||
|
||||
const FONT_MAP: Record<string, string> = {
|
||||
system: "system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif",
|
||||
@@ -111,6 +113,14 @@ function App() {
|
||||
|
||||
const portalContainer = document.getElementById('portalContainer') ?? undefined;
|
||||
|
||||
// OIDC/next-gen-auth callback is a real (non-hash) path: OAuth redirect_uris
|
||||
// can't contain a fragment, so it must be handled OUTSIDE the router. Render
|
||||
// the standalone callback page before the RouterProvider mounts. It needs no
|
||||
// app providers (it only touches the SDK + localStorage).
|
||||
if (window.location.pathname.endsWith(OIDC_CALLBACK_PATH)) {
|
||||
return <OidcCallback />;
|
||||
}
|
||||
|
||||
return (
|
||||
<ErrorBoundary
|
||||
fallbackRender={({ error, resetErrorBoundary }) => (
|
||||
|
||||
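Review bot: The guard `if (window.location.pathname.endsWith(OIDC_CALLBACK_PATH))` in the second hunk is a suffix match, so any URL whose path merely ends with the callback segment mounts the code-exchange page, not only the registered redirect_uri. If the suffix match is there to tolerate a deployment base path, I would compare for equality against that base path plus `OIDC_CALLBACK_PATH`, derived from the same value used to build redirectUri, for example `if (window.location.pathname === callbackPathname)`, where `callbackPathname` is a name proposed here. The comment above the guard should then say why. Going by the commit message, the SDK's state check still gates the exchange, so this narrows which URLs can reach the handler; it is not a demonstrated bypass. App's body starts and ends outside the hunk, so whether hooks or effects above this early return also run on the callback page cannot be confirmed from here.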