feat: add backend for oidc consent

chore: init db migrations
Merge branch 'refactor/oidc-authorize' into feat/preserve-authorize
2026-06-11 22:10:23 +00:00 · 2026-06-11 18:09:14 +03:00 · 2026-06-11 17:15:09 +03:00 · 2026-06-11 16:40:23 +03:00 · 2026-06-09 16:17:57 +03:00 · 2026-06-09 11:57:29 +03:00
8 changed files with 35 additions and 71 deletions
@@ -6,7 +6,6 @@ type ScreenParams = {
  oidc_ticket?: string;
  oidc_scope?: string;
  oidc_name?: string;
-  oidc_show_consent?: boolean;
 };

 const zodScreenParams = z.object({
@@ -15,7 +14,6 @@ const zodScreenParams = z.object({
  oidc_ticket: z.string().optional(),
  oidc_scope: z.string().optional(),
  oidc_name: z.string().optional(),
-  oidc_show_consent: z.stringbool().optional(),
 });

 export function useScreenParams(params: URLSearchParams): ScreenParams {
@@ -25,7 +25,6 @@ import {
  recompileScreenParams,
  useScreenParams,
 } from "@/lib/hooks/screen-params";
-import { useEffect } from "react";

 type Scope = {
  id: string;
@@ -91,48 +90,25 @@ export const AuthorizePage = () => {
  const isOidc = screenParams.login_for === "oidc";
  const compiledParams = recompileScreenParams(screenParams);

-  const { mutate: authorizeMutate, isPending: authorizeIsPending } =
-    useMutation({
-      mutationFn: () => {
-        return axios.post("/api/oidc/authorize-complete", {
-          ticket: screenParams.oidc_ticket,
-        });
-      },
-      mutationKey: ["authorize", screenParams.oidc_ticket],
-      onSuccess: (data) => {
-        toast.info(t("authorizeSuccessTitle"), {
-          description: t("authorizeSuccessSubtitle"),
-        });
-        window.location.replace(data.data.redirect_uri);
-      },
-      onError: (error) => {
-        window.location.replace(
-          `/error?error=${encodeURIComponent(error.message)}`,
-        );
-      },
-    });
-
-  useEffect(() => {
-    if (
-      !isOidc ||
-      screenParams.oidc_ticket === undefined ||
-      screenParams.oidc_scope === undefined ||
-      !auth.authenticated
-    ) {
-      return;
-    }
-
-    if (screenParams.oidc_show_consent === false) {
-      authorizeMutate();
-    }
-  }, [
-    isOidc,
-    screenParams.oidc_ticket,
-    screenParams.oidc_scope,
-    screenParams.oidc_show_consent,
-    auth.authenticated,
-    authorizeMutate,
-  ]);
+  const authorizeMutation = useMutation({
+    mutationFn: () => {
+      return axios.post("/api/oidc/authorize-complete", {
+        ticket: screenParams.oidc_ticket,
+      });
+    },
+    mutationKey: ["authorize", screenParams.oidc_ticket],
+    onSuccess: (data) => {
+      toast.info(t("authorizeSuccessTitle"), {
+        description: t("authorizeSuccessSubtitle"),
+      });
+      window.location.replace(data.data.redirect_uri);
+    },
+    onError: (error) => {
+      window.location.replace(
+        `/error?error=${encodeURIComponent(error.message)}`,
+      );
+    },
+  });

  if (
    !isOidc ||
@@ -154,19 +130,6 @@ export const AuthorizePage = () => {
  const scopes =
    screenParams.oidc_scope.split(" ").filter((s) => s.trim() !== "") || [];

-  if (screenParams.oidc_show_consent === false) {
-    return (
-      <Card>
-        <CardHeader className="gap-1.5">
-          <CardTitle className="text-xl">Authorizing</CardTitle>
-          <CardDescription>
-            You will soon be redirected to your application...
-          </CardDescription>
-        </CardHeader>
-      </Card>
-    );
-  }
-
  return (
    <Card>
      <CardHeader className="mb-2">
@@ -208,12 +171,15 @@ export const AuthorizePage = () => {
        </CardContent>
      )}
      <CardFooter className="flex flex-col items-stretch gap-3">
-        <Button onClick={() => authorizeMutate()} loading={authorizeIsPending}>
+        <Button
+          onClick={() => authorizeMutation.mutate()}
+          loading={authorizeMutation.isPending}
+        >
          {t("authorizeTitle")}
        </Button>
        <Button
          onClick={() => navigate(`/logout${compiledParams}`)}
-          disabled={authorizeIsPending}
+          disabled={authorizeMutation.isPending}
          variant="outline"
        >
          {t("cancelTitle")}
@@ -58,8 +58,8 @@ func (app *BootstrapApp) setupRouter() error {
 	apiRouter := engine.Group("/api")

 	controller.NewContextController(app.log, app.config, app.runtime, apiRouter)
-	controller.NewOAuthController(app.log, app.config, app.runtime, &app.helpers, apiRouter, app.services.authService)
-	controller.NewOIDCController(app.log, app.services.oidcService, app.runtime, &app.helpers, app.config, apiRouter, &engine.RouterGroup)
+	controller.NewOAuthController(app.log, app.config, app.runtime, app.helpers, apiRouter, app.services.authService)
+	controller.NewOIDCController(app.log, app.services.oidcService, app.runtime, app.helpers, app.config, apiRouter, &engine.RouterGroup)
 	controller.NewProxyController(app.log, app.runtime, apiRouter, app.services.accessControlService, app.services.authService, app.services.policyEngine)
 	controller.NewUserController(app.log, app.runtime, apiRouter, app.services.authService)
 	controller.NewResourcesController(app.config, &engine.RouterGroup)
@@ -42,7 +42,7 @@ func (app *BootstrapApp) setupServices() error {
 	oauthBrokerService := service.NewOAuthBrokerService(app.log, app.runtime.OAuthProviders, app.ctx)
 	app.services.oauthBrokerService = oauthBrokerService

-	authService := service.NewAuthService(app.log, app.config, app.runtime, &app.helpers, app.ctx, app.ding, app.services.ldapService, app.queries, app.services.oauthBrokerService, app.services.tailscaleService, app.services.policyEngine)
+	authService := service.NewAuthService(app.log, app.config, app.runtime, app.helpers, app.ctx, app.ding, app.services.ldapService, app.queries, app.services.oauthBrokerService, app.services.tailscaleService, app.services.policyEngine)
 	app.services.authService = authService

 	oidcService, err := service.NewOIDCService(app.log, app.config, app.runtime, app.queries, app.ding)
@@ -24,7 +24,7 @@ type OAuthController struct {
 	log     *logger.Logger
 	config  model.Config
 	runtime model.RuntimeConfig
-	helpers *model.RuntimeHelpers
+	helpers model.RuntimeHelpers
 	auth    *service.AuthService
 }

@@ -32,7 +32,7 @@ func NewOAuthController(
 	log *logger.Logger,
 	config model.Config,
 	runtimeConfig model.RuntimeConfig,
-	helpers *model.RuntimeHelpers,
+	helpers model.RuntimeHelpers,
 	router *gin.RouterGroup,
 	auth *service.AuthService,
 ) *OAuthController {
@@ -33,7 +33,7 @@ type OIDCController struct {
 	log     *logger.Logger
 	oidc    *service.OIDCService
 	runtime model.RuntimeConfig
-	helpers *model.RuntimeHelpers
+	helpers model.RuntimeHelpers
 	config  model.Config
 }

@@ -87,7 +87,7 @@ func NewOIDCController(
 	log *logger.Logger,
 	oidcService *service.OIDCService,
 	runtimeConfig model.RuntimeConfig,
-	helpers *model.RuntimeHelpers,
+	helpers model.RuntimeHelpers,
 	config model.Config,
 	router *gin.RouterGroup,
 	mainRouter *gin.RouterGroup) *OIDCController {
@@ -59,7 +59,7 @@ type AuthService struct {
 	log     *logger.Logger
 	config  model.Config
 	runtime model.RuntimeConfig
-	helpers *model.RuntimeHelpers
+	helpers model.RuntimeHelpers
 	ctx     context.Context

 	ldap         *LdapService
@@ -87,7 +87,7 @@ func NewAuthService(
 	log *logger.Logger,
 	config model.Config,
 	runtime model.RuntimeConfig,
-	helpers *model.RuntimeHelpers,
+	helpers model.RuntimeHelpers,
 	ctx context.Context,
 	dg *ding.Ding,
 	ldap *LdapService,
@@ -135,8 +135,8 @@ func CreateTestConfigs(t *testing.T) (model.Config, model.RuntimeConfig) {
 	return config, runtime
 }

-func CreateTestHelpers() *model.RuntimeHelpers {
-	return &model.RuntimeHelpers{
+func CreateTestHelpers() model.RuntimeHelpers {
+	return model.RuntimeHelpers{
 		GetCookieDomain: func(ctx context.Context, ip string) (string, error) {
 			return "example.com", nil
 		},
Author	SHA1	Message	Date
Stavros	026a460d67	feat: add backend for oidc consent	2026-06-11 18:09:14 +03:00
Stavros	abb47a8180	chore: init db migrations	2026-06-11 17:15:09 +03:00
Stavros	0e00552004	Merge branch 'refactor/oidc-authorize' into feat/preserve-authorize	2026-06-11 16:40:23 +03:00
Stavros	5c5d7a43ef	chore: own review comments	2026-06-09 16:17:57 +03:00
Stavros	6a4d85dc41	chore: rabbit comments	2026-06-09 11:57:29 +03:00
Stavros	3c9817cf39	tests: fix oidc controller tests	2026-06-08 12:38:44 +03:00
Stavros	ede6e8084d	fix: support for oidc post (forgot that)	2026-06-08 12:35:13 +03:00
Stavros	4e671ed48c	tests: fix proxy controller tests	2026-06-08 12:24:19 +03:00
Stavros	a69d22bb0e	feat: add new quick actions menu instead of individual dropdowns in frontend	2026-06-08 12:16:40 +03:00
Stavros	ace64fa7ee	tests: rework oidc tests and aim for better coverage Co-Authored-By: Claude <noreply@anthropic.com>	2026-06-07 18:57:41 +03:00
Stavros	5e954da5ff	chore: go mod tidy	2026-06-06 18:05:48 +03:00
Stavros	47b7f1e6f2	feat: add back support for request oidc param	2026-06-06 18:01:59 +03:00
Stavros	f078e3549e	fix: fix oauth oidc flow	2026-06-06 17:02:06 +03:00
Stavros	da9079246a	Merge branch 'main' into refactor/oidc-authorize	2026-06-06 16:31:13 +03:00
Stavros	2454ba58ea	refactor: use ticket approach for oidc flow	2026-06-01 17:04:08 +03:00
Stavros	97e0e0dfff	wip: backend	2026-06-01 16:26:42 +03:00
Stavros	b3c152fa1c	chore: rabbit comments	2026-06-01 15:47:19 +03:00
Stavros	5caee887de	fix: ensure no oidc code reuse	2026-06-01 12:22:49 +03:00
Stavros	b5770ef305	fix: add memory back in the db bootstrap	2026-06-01 12:10:59 +03:00
Stavros	1c4ca8f436	chore: differentiate oauth userinfo from oidc userinfo	2026-06-01 12:02:11 +03:00
Stavros	a72300484b	tests: fix oidc service tests	2026-06-01 12:00:50 +03:00
Stavros	4fe5de241b	chore: fix memory store	2026-06-01 11:55:47 +03:00
Stavros	83ed9ece57	feat: add db cleanup routine back	2026-06-01 11:47:17 +03:00
Stavros	faa3156672	Merge branch 'main' into refactor/oidc-store	2026-05-31 20:11:37 +03:00
Stavros	695feca71c	refactor: rework oidc session storage	2026-05-31 20:10:53 +03:00
Stavros	82d21c3b28	Merge branch 'refactor/service-cache' into refactor/oidc-codes	2026-05-31 18:34:52 +03:00
Stavros	fe8463890a	fix: fix bugs in cache order	2026-05-31 18:29:14 +03:00
Stavros	ac9689dc9b	tests: add cache store tests	2026-05-30 15:18:23 +03:00
Stavros	3e5757cfc9	fix: fix race conditions	2026-05-30 15:04:53 +03:00
Stavros	ed94490efd	refactor: use new cache store in auth service	2026-05-29 23:33:35 +03:00