fix(openbao-ui): handle OIDC callback without Ember popup flow
OpenBao's Ember UI expects OIDC to complete in a popup and postMessage to window.opener. The standalone KeyCape login uses a full-page redirect, so the callback now exchanges the authorization code directly, persists the UI token in localStorage, and redirects into the vault UI. Unauthenticated /ui/ loads also redirect to the standalone login page to avoid ?with= bounce loops.
This commit is contained in:
parent
520c7ea2c0
commit
50799938db
8 changed files with 205 additions and 2 deletions
|
|
@ -21,6 +21,26 @@
|
|||
let overlayApplied = false;
|
||||
let signInHandlerInstalled = false;
|
||||
|
||||
function hasStoredSession() {
|
||||
try {
|
||||
return Object.keys(window.localStorage).some((key) =>
|
||||
key.startsWith("vault-")
|
||||
);
|
||||
} catch (_error) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function isUiEntryPath() {
|
||||
const path = window.location.pathname;
|
||||
return path === "/ui" || path === "/ui/";
|
||||
}
|
||||
|
||||
function redirectUnauthenticatedUiEntry() {
|
||||
if (!isUiEntryPath() || hasStoredSession()) return;
|
||||
window.location.replace("/ui/vault/auth");
|
||||
}
|
||||
|
||||
function isAuthPage() {
|
||||
const path = window.location.pathname;
|
||||
return (
|
||||
|
|
@ -240,6 +260,7 @@
|
|||
}
|
||||
|
||||
async function init() {
|
||||
redirectUnauthenticatedUiEntry();
|
||||
if (!isAuthPage() || isOidcCallbackPage()) return;
|
||||
|
||||
await loadPresets();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue