cameleer/cameleer-server
1
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity

UI: Add OIDC login flow to frontend #40

New Issue
Closed
opened 2026-03-14 12:38:38 +01:00 by claude · 1 comment
claude commented 2026-03-14 12:38:38 +01:00
Owner
Copy Link

Context

The backend OIDC token exchange is implemented (a4de2a7). The SPA needs to support the OIDC authorization code flow alongside the existing local login.

Requirements

  • On the login page, show an "SSO Login" button when OIDC is enabled (check GET /api/v1/auth/oidc/config — returns 404 if disabled)
  • Clicking SSO redirects to the OIDC provider's authorization endpoint with response_type=code, client_id, redirect_uri, and scope=openid email profile
  • After redirect back, extract the code from URL params and POST /api/v1/auth/oidc/callback with { code, redirectUri }
  • Store the returned accessToken/refreshToken the same way as local login
  • Keep local login as fallback (always visible)

Notes

  • The /auth/oidc/config endpoint returns { issuer, clientId, authorizationEndpoint } — everything the SPA needs to build the redirect URL
  • No OIDC library needed in the SPA — it's just a redirect + code exchange
## Context The backend OIDC token exchange is implemented (a4de2a7). The SPA needs to support the OIDC authorization code flow alongside the existing local login. ## Requirements - On the login page, show an "SSO Login" button when OIDC is enabled (check `GET /api/v1/auth/oidc/config` — returns 404 if disabled) - Clicking SSO redirects to the OIDC provider's authorization endpoint with `response_type=code`, `client_id`, `redirect_uri`, and `scope=openid email profile` - After redirect back, extract the `code` from URL params and `POST /api/v1/auth/oidc/callback` with `{ code, redirectUri }` - Store the returned `accessToken`/`refreshToken` the same way as local login - Keep local login as fallback (always visible) ## Notes - The `/auth/oidc/config` endpoint returns `{ issuer, clientId, authorizationEndpoint }` — everything the SPA needs to build the redirect URL - No OIDC library needed in the SPA — it's just a redirect + code exchange
claude commented 2026-03-14 22:16:20 +01:00
Author
Owner
Copy Link

Already implemented: OidcCallback.tsx, OIDC flow in LoginPage.tsx, /oidc/callback route in router.

Already implemented: `OidcCallback.tsx`, OIDC flow in `LoginPage.tsx`, `/oidc/callback` route in router.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
accessibility
Accessibility (a11y) improvements
 bug
Something isn't working correctly
 cleanup
Code cleanup, dead code removal, refactoring
 epic
Epic: groups related issues
 feature
New functionality
 pmf
Product-market fit: critical for first market offer
 route-diagram
Route diagram page and execution overlay
 security
Authentication, authorization, RBAC
 ui
Frontend / React UI
 ux
UX/usability improvements
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cameleer/cameleer-server#40
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?