feat: add OAuthGate components for user-level OAuth connections#17
Open
rishikesh-major wants to merge 10 commits intomainfrom
Open
feat: add OAuthGate components for user-level OAuth connections#17rishikesh-major wants to merge 10 commits intomainfrom
rishikesh-major wants to merge 10 commits intomainfrom
Conversation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The deployed app handles OAuth entirely on its own via the OAuthGate server component and x-major-user-jwt. No need to delegate to the parent shell when running inside the dashboard iframe. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
RESOURCE_API_URL is pod-reachable for server-side status checks. RESOURCE_API_BROWSER_URL is browser-reachable for OAuth redirect links. Locally these differ (host.docker.internal vs localhost). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move JSX out of try/catch in oauth-gate.tsx (react-hooks/error-boundaries) - Use lazy useState initializer instead of useEffect+setState in oauth-gate-screen.tsx (react-hooks/set-state-in-effect) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The OAuthGate sign-in button was navigating directly to the go-api auth-url endpoint, which returns JSON. Now it fetches the endpoint, extracts the actual Google OAuth URL, and redirects to that. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The auth-url endpoint requires session auth, which isn't available from the deployed app's browser context. Move URL resolution to the server component using a new internal JWT-authenticated endpoint, so the client receives actual Google OAuth URLs it can navigate to directly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Google blocks OAuth consent in iframes (403), and the redirect flow had returnUrl issues. Switch to popup-only: opens Google consent in a popup window, listens for postMessage/close, then reloads to re-check status via SSR. Works uniformly in both dashboard iframe and standalone. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
<OAuthGate>and<OAuthGateScreen>components that deployed apps use to gate access behind user-level OAuth connections (e.g., Google Calendar).<OAuthGate>is a server component that checks go-api's/internal/user-oauth/statusendpoint during SSR to see if the current user has connected all required OAuth providers<OAuthGateScreen>(a client component) with branded connect buttons instead of the app content{children}normallypostMessageback to close the popup and refresh the gateUsage
Companion PR
🤖 Generated with Claude Code