cameleer/cameleer-server
1
0
Fork 0
Code Issues 44 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: auto-redirect to OIDC provider for true SSO
All checks were successful
CI / cleanup-branch (push) Has been skipped
Details
CI / build (push) Successful in 1m51s
Details
CI / docker (push) Successful in 2m37s
Details
CI / deploy-feature (push) Has been skipped
Details
CI / deploy (push) Successful in 54s
Details

Browse Source 
When OIDC is configured, the login page automatically redirects to the
provider with prompt=none. If the user has an active OIDC session, they
are signed in without seeing a login page. If the provider returns
login_required (no session), falls back to the login form via ?local.
Users can bypass auto-redirect with /login?local.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-06 01:20:55 +02:00
parent 4244dd82e9
commit 3cea306e17
2 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ui/src/auth/LoginPage.tsx
View File

@@ -1,5 +1,5 @@
import { type FormEvent, useEffect, useMemo, useState } from 'react'; import { type FormEvent, useEffect, useMemo, useRef, useState } from 'react';
import { Navigate } from 'react-router'; import { Navigate, useSearchParams } from 'react-router';
import { useAuthStore } from './auth-store'; import { useAuthStore } from './auth-store';
import { api } from '../api/client'; import { api } from '../api/client';
import { config } from '../config'; import { config } from '../config';
@@ -41,11 +41,14 @@ const SUBTITLES = [
export function LoginPage() { export function LoginPage() {
const { isAuthenticated, login, loading, error } = useAuthStore(); const { isAuthenticated, login, loading, error } = useAuthStore();
const [searchParams] = useSearchParams();
const forceLocal = searchParams.has('local');
const subtitle = useMemo(() => SUBTITLES[Math.floor(Math.random() * SUBTITLES.length)], []); const subtitle = useMemo(() => SUBTITLES[Math.floor(Math.random() * SUBTITLES.length)], []);
const [username, setUsername] = useState(''); const [username, setUsername] = useState('');
const [password, setPassword] = useState(''); const [password, setPassword] = useState('');
const [oidc, setOidc] = useState<OidcInfo | null>(null); const [oidc, setOidc] = useState<OidcInfo | null>(null);
const [oidcLoading, setOidcLoading] = useState(false); const [oidcLoading, setOidcLoading] = useState(false);
const autoRedirected = useRef(false);
useEffect(() => { useEffect(() => {
api.GET('/auth/oidc/config') api.GET('/auth/oidc/config')
@@ -60,6 +63,22 @@ export function LoginPage() {
.catch(() => {}); .catch(() => {});
}, []); }, []);
// Auto-redirect to OIDC provider for SSO (skip if ?local is in URL)
useEffect(() => {
if (oidc && !forceLocal && !autoRedirected.current) {
autoRedirected.current = true;
const redirectUri = `${window.location.origin}${config.basePath}oidc/callback`;
const params = new URLSearchParams({
response_type: 'code',
client_id: oidc.clientId,
redirect_uri: redirectUri,
scope: 'openid email profile',
prompt: 'none',
});
window.location.href = `${oidc.authorizationEndpoint}?${params}`;
}
}, [oidc, forceLocal]);
if (isAuthenticated) return <Navigate to="/" replace />; if (isAuthenticated) return <Navigate to="/" replace />;
const handleSubmit = (e: FormEvent) => { const handleSubmit = (e: FormEvent) => {

5
ui/src/auth/OidcCallback.tsx
View File

@@ -18,6 +18,11 @@ export function OidcCallback() {
const errorParam = params.get('error'); const errorParam = params.get('error');
if (errorParam) { if (errorParam) {
// prompt=none SSO attempt failed (no active session) — fall back to login form
if (errorParam === 'login_required' || errorParam === 'interaction_required') {
window.location.replace(`${config.basePath}login?local`);
return;
}
useAuthStore.setState({ useAuthStore.setState({
error: params.get('error_description') || errorParam, error: params.get('error_description') || errorParam,
loading: false, loading: false,