feat: Transition OIDC JWT token passing from URL hash to query parameter and enable auth features by default.

2026-01-06 21:58:07 +01:00
parent bf9c688e6b
commit 0753f3d256
2 changed files with 9 additions and 6 deletions


@@ -22,10 +22,11 @@ export default function OidcCallbackPage() {
const { t } = useTranslation();
useEffect(() => {
// Check for token in URL hash (implicit flow) or query params
// Check for token in query params (primary) or URL hash (legacy/fallback)
const token = searchParams.get("token");
const hashParams = new URLSearchParams(window.location.hash.slice(1));
const accessToken =
hashParams.get("access_token") || searchParams.get("access_token");
token || searchParams.get("access_token") || hashParams.get("access_token");
if (accessToken) {
// JWT mode: store the token
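Review bot: The token is now read from `searchParams.get("token")`, but nothing visible in this hunk removes it from the address bar once it is stored, so the JWT stays in browser history and can be sent in `Referer` on the next navigation or sub-resource request. After storing it I would add `window.history.replaceState(null, "", window.location.pathname);` inside the `if (accessToken)` branch. The effect body continues past the hunk, so this may already happen further down; worth confirming. A one-line comment such as `// token arrives in the query string; strip it from the URL once stored` would record the intent.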


@@ -387,12 +387,13 @@ async fn oidc_callback(
.await
.map_err(|_| ApiError::Internal("Session error".into()))?;
// In JWT mode, redirect to frontend with token in URL fragment
// In JWT mode, redirect to frontend with token in query parameter
// Note: Hash fragments (#) are not preserved in HTTP redirects, so we use query params
#[cfg(feature = "auth-jwt")]
if matches!(auth_mode, AuthMode::Jwt | AuthMode::Both) {
let token = create_jwt_for_user(&user, &state)?;
let redirect_url = format!(
"{}/auth/callback#access_token={}",
"{}/auth/callback?token={}",
state.config.frontend_url, token
);
return Ok(axum::response::Redirect::to(&redirect_url).into_response());
@@ -464,12 +465,13 @@ async fn oidc_callback(
.await
.map_err(|_| ApiError::Internal("Session error".into()))?;
// Redirect to frontend with token in URL fragment
// Redirect to frontend with token in query parameter
// Note: Hash fragments (#) are not preserved in HTTP redirects, so we use query params
#[cfg(feature = "auth-jwt")]
{
let token = create_jwt_for_user(&user, &state)?;
let redirect_url = format!(
"{}/auth/callback#access_token={}",
"{}/auth/callback?token={}",
state.config.frontend_url, token
);
return Ok(axum::response::Redirect::to(&redirect_url));
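Review bot: Both `format!` calls that build `"{}/auth/callback?token={}"` (this one and the one in the earlier hunk under `AuthMode::Jwt | AuthMode::Both`) now put the signed JWT in the query string, which, unlike a fragment, is sent to the server hosting the frontend and can end up in access logs, proxy logs, browser history and `Referer` headers. The added comment's rationale also looks inaccurate: a fragment in a `Location` header is normally kept by the browser when it follows the redirect, so if the fragment was being lost the cause is probably elsewhere (an intermediate proxy or a second redirect) and worth confirming. If the query form stays, I would redirect with a short-lived single-use code that the frontend exchanges for the JWT over POST, or at least keep the token lifetime short and serve the callback page with `Referrer-Policy: no-referrer`. The comment could then read `// Token is in the query string: visible to logs, history and Referer; keep it short-lived and strip it client-side`. `oidc_callback` starts and continues outside both hunks.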