Re: [PR] [#11141] improvement(ui):Change the OIDC callback address based on NEXT_PUBLIC_BASE and catch error [gravitino]

Mon, 18 May 2026 20:10:49 -0700 


Copilot commented on code in PR #11142:
URL: https://github.com/apache/gravitino/pull/11142#discussion_r3263420663


##########
web-v2/web/src/lib/auth/providers/oidc.js:
##########
@@ -45,9 +76,9 @@ export class OidcOAuthProvider extends BaseOAuthProvider {
       client_id: clientId,
       response_type: 'code', // Use Authorization Code flow with PKCE
       scope: scope,
-      redirect_uri: `${window.location.origin}/ui/oauth/callback`,
-      post_logout_redirect_uri: `${window.location.origin}/ui/oauth/logout`,
-      silent_redirect_uri: 
`${window.location.origin}/ui/oauth/silent-callback`,
+      redirect_uri: buildOidcUrl('/oauth/callback'),
+      post_logout_redirect_uri: buildOidcUrl('/oauth/logout'),
+      silent_redirect_uri: buildOidcUrl('/oauth/silent-callback'),

Review Comment:
   The redirect/post-logout/silent redirect URIs are now derived from 
NEXT_PUBLIC_BASE_PATH instead of hardcoded `/ui`, but the existing Vitest 
expectations in `web-v2/web/src/lib/auth/providers/oidc.test.js` still assert 
`/ui/oauth/*`. This will cause unit tests to fail and also misses coverage for 
base-path variants (e.g., empty vs `/ui`) and the new secure-origin check. 
Update/add tests to validate the computed URIs and the HTTPS/localhost guard 
behavior.



##########
web-v2/web/src/app/login/components/OidcLogin.js:
##########
@@ -91,9 +91,11 @@ function OidcLoginButton({ userManager }) {
     }
 
     try {
+      onError(null)
       setIsLoggingIn(true)
       await userManager.signinRedirect()
     } catch (error) {
+      onError(error.message || 'Failed to redirect to the identity provider')
       setIsLoggingIn(false)
     }

Review Comment:
   `OidcLoginButton` now forwards redirect errors to the parent via `setError`, 
but `OidcLogin` renders only an `<Alert>` when `error` is set, which removes 
the login button and prevents the user from retrying without a full page 
refresh. Consider tracking redirect errors separately from initialization 
errors, or rendering the error message alongside the button so a retry remains 
possible.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to