fix(openbao-ui): handle OIDC callback without Ember popup flow
OpenBao's Ember UI expects OIDC to complete in a popup and postMessage to window.opener. The standalone KeyCape login uses a full-page redirect, so the callback now exchanges the authorization code directly, persists the UI token in localStorage, and redirects into the vault UI. Unauthenticated /ui/ loads also redirect to the standalone login page to avoid ?with= bounce loops.
This commit is contained in:
parent
520c7ea2c0
commit
50799938db
8 changed files with 205 additions and 2 deletions
|
|
@ -33,6 +33,7 @@ behaviour.
|
|||
| `overlay.css` | Hide raw OpenBao login fields |
|
||||
| `overlay.js` | Apply presets, branding on post-login Ember pages |
|
||||
| `login.html` / `login.js` / `login.css` | Standalone KeyCape login at `/ui/vault/auth` |
|
||||
| `callback.html` / `callback.js` | OIDC code exchange at `/ui/vault/auth/*/oidc/callback` |
|
||||
| `nginx.conf` | Gateway proxy + standalone auth page + HTML injection |
|
||||
| `patches/<version>/manifest.sha256` | Upstream UI fingerprints for drift detection |
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue