fix(openbao-ui): handle OIDC callback without Ember popup flow
OpenBao's Ember UI expects OIDC to complete in a popup and postMessage to window.opener. The standalone KeyCape login uses a full-page redirect, so the callback now exchanges the authorization code directly, persists the UI token in localStorage, and redirects into the vault UI. Unauthenticated /ui/ loads also redirect to the standalone login page to avoid ?with= bounce loops.
This commit is contained in:
parent
520c7ea2c0
commit
50799938db
8 changed files with 205 additions and 2 deletions
|
|
@ -33,6 +33,13 @@ http {
|
|||
add_header Cache-Control "no-store";
|
||||
}
|
||||
|
||||
# OIDC callback handler — exchanges code without Ember popup/postMessage flow.
|
||||
location ~ ^/ui/vault/auth/.+/oidc/callback/?$ {
|
||||
alias /etc/nginx/overlay/callback.html;
|
||||
default_type text/html;
|
||||
add_header Cache-Control "no-store";
|
||||
}
|
||||
|
||||
# Static UI bundles and API calls bypass HTML injection and stay compressed.
|
||||
location ~ ^/(v1|ui/assets|ui/engines-dist|ui/favicon\.svg) {
|
||||
proxy_pass http://openbao_upstream;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue