fix(openbao-ui): handle OIDC callback without Ember popup flow
OpenBao's Ember UI expects OIDC to complete in a popup and postMessage to window.opener. The standalone KeyCape login uses a full-page redirect, so the callback now exchanges the authorization code directly, persists the UI token in localStorage, and redirects into the vault UI. Unauthenticated /ui/ loads also redirect to the standalone login page to avoid ?with= bounce loops.
@@ -65,6 +65,18 @@ if grep -Eq 'vault-|engines-dist' <<<"$auth_html"; then
|
||||
fi
|
||||
ok "auth page is standalone login.html (no Ember shell)"
|
||||
|
||||
callback_html="$(curl -fsS "$BASE_URL/ui/vault/auth/netkingdom/oidc/callback")"
|
||||
require_pattern \
|
||||
"OIDC callback serves standalone handler" \
|
||||
"$callback_html" \
|
||||
'Signing in with KeyCape|callback.js'
|
||||
|
||||
if grep -Eq 'window\.opener\.postMessage|vault-' <<<"$callback_html"; then
|
||||
err "OIDC callback still serves Ember shell (expected standalone callback.html)"
|
||||
exit 1
|
||||
fi
|
||||
ok "OIDC callback is standalone callback.html (no Ember postMessage flow)"
|
||||
|
||||
step "Overlay asset endpoints"
|
||||
index_html="$(curl -fsS "$BASE_URL/ui/")"
|
||||
overlay_js="$(curl -fsS "$BASE_URL/ui/platform-overlay/overlay.js")"
|
||||
|
||||
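Review bot: The positive check on the callback page passes on either half of 'Signing in with KeyCape|callback.js' (assuming require_pattern matches it as an extended regex, like the grep -Eq checks around it), so a page that shows the banner text but never loads the handler script would still be reported as "OIDC callback serves standalone handler". Consider two separate require_pattern calls, one for the banner and one for callback.js, so that both must be present. The negative pattern 'window\.opener\.postMessage|vault-' has the opposite problem: the bare 'vault-' alternative will fail the run if the standalone callback.html ever contains that substring for an unrelated reason, so anchoring it to the Ember asset naming it is meant to catch would make the failure message trustworthy. Also note that the curl for callback_html sends no code or state query parameters, so this step verifies only which static page is served; the code exchange, token storage and redirect described in the commit message are not covered here and would need their own check.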