SSO login fix (#5167)

Fixes bug where SSO login with custom providers caused an
`InvalidClientRegistrationIdException: Invalid Client Registration with
Id: oidc` errors.

  Root Cause:
- Backend: Redirect URI was hardcoded to `/login/oauth2/code/oidc`
regardless of provider registration ID
- Frontend: Unknown providers were mapped back to 'oidc' instead of
using actual provider ID

Closes #5141

---------

Co-authored-by: Anthony Stirling <[email protected]>
Co-authored-by: Keon Chen <[email protected]>
This commit is contained in:
Dario Ghunney Ware
2025-12-05 23:19:41 +00:00
committed by GitHub
co-authored by Anthony Stirling Keon Chen
parent 9fd8fd89ed
commit 82dbcfbb9b
12 changed files with 961 additions and 55 deletions
@@ -10,6 +10,7 @@
import apiClient from '@app/services/apiClient';
import { AxiosError } from 'axios';
import { BASE_PATH } from '@app/constants/app';
import { type OAuthProvider } from '@app/auth/oauthTypes';
// Helper to extract error message from axios error
function getErrorMessage(error: unknown, fallback: string): string {
@@ -248,11 +249,14 @@ class SpringAuthClient {
}
/**
* Sign in with OAuth provider (GitHub, Google, etc.)
* Sign in with OAuth provider (GitHub, Google, Authentik, etc.)
* This redirects to the Spring OAuth2 authorization endpoint
*
* @param params.provider - OAuth provider ID (e.g., 'github', 'google', 'authentik', 'mycompany')
* Can be any known provider or custom string - the backend determines available providers
*/
async signInWithOAuth(params: {
provider: 'github' | 'google' | 'apple' | 'azure' | 'keycloak' | 'oidc';
provider: OAuthProvider;
options?: { redirectTo?: string; queryParams?: Record<string, any> };
}): Promise<{ error: AuthError | null }> {
try {