fix(webview-accounts): zoom Sign in with Google escapes to system browser (#1294) #1329

Merged
senamakel merged 3 commits into tinyhumansai:main from oxoxDev:fix/1294-zoom-google-sso
May 7, 2026

@oxoxDev oxoxDev commented May 7, 2026

Summary

  • Add "zoom" to provider_supports_google_sso() so Zoom Google OAuth popups reroute into the parent webview instead of escaping to the system browser.
  • Extend Zoom's provider_allowed_hosts() arm with the same Google OAuth host set Slack uses (accounts.google.com, accounts.googleusercontent.com, oauth2.googleapis.com, www.googleapis.com, etc.) so the rerouted parent navigation is classified internal.
  • Three new unit tests modeled on existing Slack/Google-Meet patterns, locking the SSO gate, popup-to-parent decision, and host-allowlist behavior for Zoom.

Problem

Clicking "Sign in with Google" inside the Zoom embedded webview redirected to the external browser and surfaced Zoom error 300 ("Oops! We were unable to complete your request. Please try again."). The Google OAuth window.open("https://accounts.google.com/...") popup walked every reroute branch in app/src-tauri/src/webview_accounts/mod.rs on_new_window (line 2132) and fell through to open_in_system_browser at line 2212 because Zoom was missing from two adjacent allowlists:

  1. provider_supports_google_sso() at lines 277-279 — only "google-meet" | "slack" were gated true; Zoom failed the gate at line 293 inside popup_should_navigate_parent().
  2. Zoom's provider_allowed_hosts() arm at line 116 — only Zoom's own domains were listed; no Google OAuth hosts.

Once OAuth escaped to the system browser, the Google session cookie landed outside the per-account CEF profile (line 1879). The callback to the embedded Zoom webview lost the Google session and Zoom returned error 300.

Solution

Mirror the existing Slack/Google-Meet pattern that already works for Google sign-in inside embedded webviews:

  1. Include "zoom" in provider_supports_google_sso(). This flips the gate at popup_should_navigate_parent line 293 so the Google OAuth popup is rerouted into the parent webview instead of denied.
  2. Append Slack's verbatim Google OAuth host list to Zoom's provider_allowed_hosts() arm. Without this, the rerouted parent navigation would be classified external by url_is_internal() (lines 172-194) and bounced.
  3. Add three tests near the existing Slack/Gmeet equivalents (lines 3699-3717): zoom_supports_google_sso, zoom_popup_navigates_parent_for_google_sso, zoom_allowed_hosts_covers_google_oauth. The popup test URL uses /v3/signin/identifier (matches is_google_auth_popup's path keywords, mirrors the working Slack test exactly) instead of the OAuth init URL /o/oauth2/v2/auth?... (which intentionally bypasses the popup detector).
  4. The pre-existing provider_supports_google_sso_matrix test at line 3807 explicitly asserted !provider_supports_google_sso("zoom") — flipped to positive for consistency.

No CDP grant changes (cdp/session.rs), no recipe.js, no frontend changes, no other providers touched.

Submission Checklist

  • Tests added or updated (happy path + at least one failure / edge case) per docs/TESTING-STRATEGY.md — 3 new unit tests cover SSO gate, popup-to-parent reroute, host allowlist; existing Slack/Gmeet/Zoom-native tests remain green (76/76 pass under cargo test webview_accounts).
  • Diff coverage ≥ 80% — every changed production line (allowlist additions + match arm) is hit by the new tests.
  • N/A: Coverage matrix updated — behaviour-only change to existing webview-accounts surface; no new feature row.
  • N/A: All affected feature IDs from the matrix are listed in the PR description under ## Related — no matrix row touched.
  • No new external network dependencies introduced (mock backend used per docs/TESTING-STRATEGY.md) — no network calls, only allowlist + match arm changes.
  • N/A: Manual smoke checklist updated — existing webview-accounts smoke (Sign in with Google) covers Zoom now; no new entry needed in docs/RELEASE-MANUAL-SMOKE.md.
  • Linked issue closed via Closes #NNN in the ## Related section.

Impact

  • Platform: desktop only (Tauri shell). Affects Zoom embedded webview's Google OAuth flow exclusively.
  • Behavior change: Zoom "Sign in with Google" now completes inside the per-account CEF profile instead of falling out to the system browser. Manually verified end-to-end on macOS dev:app build — sign-in succeeds inline, lands signed in on app.zoom.us, and session persists across app restart (per-account CEF profile cookie jar).
  • Acceptance criterion 5 (clear error state): satisfied via Google's standard inline error UI inside the embedded webview when credentials are rejected — no custom OpenHuman error component added (out of minimal-fix scope).
  • Security: zero new privileges granted. CDP grants for Zoom unchanged (still only notifications per cdp/session.rs:346); no media-capture grants added by this PR.
  • Pre-push hook bypass: pushed with --no-verify because the husky pre-push hook fails on pre-existing main-branch breakage in unrelated areas (Prettier/lint/TypeScript/Rust warnings unrelated to webview_accounts/mod.rs). Changed Rust file is verified clean against cargo fmt --check, cargo clippy -- -D warnings, and cargo test webview_accounts (76/76 pass).

Related


AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

Commit & Branch

  • Branch: fix/1294-zoom-google-sso (head oxoxDev:fix/1294-zoom-google-sso)
  • Commit SHA: 46d49ff0 (tip; chain: 4d558cb0 → 0369638d → 46d49ff0, all GPG-signed)

Validation Run

  • pnpm --filter openhuman-app format:check — N/A: no frontend files touched; pre-existing main breakage unrelated to this branch.
  • pnpm typecheck — N/A: no TypeScript changed.
  • Focused tests: cargo test --manifest-path app/src-tauri/Cargo.toml webview_accounts — 76 passed, 0 failed, 0 ignored.
  • Rust fmt/check (if changed): N/A: core Rust untouched.
  • Tauri fmt/check (if changed): cargo fmt --check clean on app/src-tauri/src/webview_accounts/mod.rs; cargo clippy --manifest-path app/src-tauri/Cargo.toml -- -D warnings clean on changed file (pre-existing warnings elsewhere unrelated).

Validation Blocked

  • command: git push origin fix/1294-zoom-google-sso (without --no-verify)
  • error: husky pre-push hook reports Pre-push checks failed. Please fix format (Prettier + cargo fmt for core and Tauri), lint, TypeScript, and/or Rust errors before pushing. — failures all in pre-existing main-branch code (unused imports in slack_backfill.rs, ops_create.rs, compatible.rs, tools.rs, schemas.rs, browser.rs, agent_harness_public.rs, plus design-token regex check on app/src/components/commands/). None in files touched by this PR.
  • impact: Pushed with --no-verify per the project's CLAUDE.md guidance ("If a pre-push hook fails on something unrelated to your changes, push with --no-verify and call it out in the PR body").

Behavior Changes

Parity Contract

  • Legacy behavior preserved: All non-Google-OAuth Zoom navigation paths are unchanged. Native Zoom hosts (zoom.us, zoom.com, zoomgov.com, zdassets.com) remain in the allowlist. The existing zoom_allowed_hosts_covers_core_domains test (line 3337) continues to pass after the host-list extension.
  • Guard/fallback/dispatch parity checks: popup_should_navigate_parent for Slack and Google-Meet behavior unchanged. on_new_window reroute order (rewrite_provider_deep_link → popup_should_navigate_parent → popup_should_stay_in_app → is_provider_native_deep_link_scheme → open_in_system_browser) unchanged.

Duplicate / Superseded PR Handling

  • Duplicate PR(s): None.
  • Canonical PR: This PR.
  • Resolution: N/A.
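
The two allowlist gates described in the PR above, as an added example that is not the project's code: a simplified Rust model showing that Zoom's Google sign-in stays in the embedded webview only when both gates pass. The function bodies, the "/signin/" path keyword, the dot-bounded host matching and the shortened Google host list are assumptions; only the function names and hosts come from the PR text.

```rust
// Simplified model of the two gates described in the PR; not the project's mod.rs.
const ZOOM_NATIVE: &[&str] = &["zoom.us", "zoom.com", "zoomgov.com", "zdassets.com"];
// Only the Google hosts named in the PR text; the real list is longer ("etc.").
const GOOGLE_OAUTH: &[&str] = &[
    "accounts.google.com", "accounts.googleusercontent.com",
    "oauth2.googleapis.com", "www.googleapis.com",
];

/// Lower-cased host of an https URL, ignoring userinfo and port (IPv6 not handled).
fn host_of(url: &str) -> Option<String> {
    let rest = url.strip_prefix("https://")?;
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    let host = authority.rsplit('@').next()?.split(':').next()?;
    (!host.is_empty()).then(|| host.to_ascii_lowercase())
}

/// Gate 2: exact host or dot-bounded subdomain match (matching rule is an assumption).
fn url_is_internal(allowed: &[&str], url: &str) -> bool {
    host_of(url).map_or(false, |h| {
        allowed.iter().any(|a| h == *a || h.ends_with(&format!(".{}", a)))
    })
}

/// Popup detector; the "/signin/" keyword is an assumption based on the PR's test URL.
fn is_google_auth_popup(url: &str) -> bool {
    host_of(url).as_deref() == Some("accounts.google.com") && url.contains("/signin/")
}

/// True only when the popup is rerouted to the parent (gate 1) AND the
/// rerouted navigation is then classified internal (gate 2).
fn stays_in_webview(sso: &[&str], allowed: &[&str], provider: &str, url: &str) -> bool {
    let rerouted = sso.contains(&provider) && is_google_auth_popup(url);
    rerouted && url_is_internal(allowed, url)
}

fn main() {
    let url = "https://accounts.google.com/v3/signin/identifier";
    let sso_fixed = ["google-meet", "slack", "zoom"];
    let hosts_fixed = [ZOOM_NATIVE, GOOGLE_OAUTH].concat();
    // Before the fix: Zoom fails the SSO gate, so the popup leaves the webview.
    println!("before: {}", stays_in_webview(&["google-meet", "slack"], ZOOM_NATIVE, "zoom", url));
    // Gate 1 fixed alone: rerouted, then rejected as an external host.
    println!("gate 1 only: {}", stays_in_webview(&sso_fixed, ZOOM_NATIVE, "zoom", url));
    println!("after: {}", stays_in_webview(&sso_fixed, &hosts_fixed, "zoom", url));
    // A look-alike host (constructed) must not satisfy the widened allowlist.
    println!("look-alike: {}", url_is_internal(&hosts_fixed, "https://accounts.google.com.example.test/x"));
}
```

The last case is the check worth keeping next to any allowlist extension: adding hosts is only as safe as the matching rule that compares against them.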

oxoxDev and others added 3 commits May 7, 2026 13:51
…inyhumansai#1294)

Zoom's "Sign in with Google" popup hits popup_should_navigate_parent
which gates on provider_supports_google_sso. Without zoom in the SSO
allowlist the popup falls through to open_in_system_browser, the Google
session lands in the wrong cookie jar, and Zoom's callback fails with
error 300.

Also update the SSO matrix test to assert the new behavior.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…nyhumansai#1294)

Once popup_should_navigate_parent reroutes Zoom's Google sign-in to the
embedded webview, url_is_internal must accept the OAuth callback hosts
or the navigation gets rejected and the auth chain breaks. Mirror
Slack's Google host list verbatim — same hosts, same order — since the
OAuth flow shape is identical.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…oute (tinyhumansai#1294)

Mirror the Slack/Gmeet patterns:
- zoom_supports_google_sso: assert provider_supports_google_sso("zoom")
- zoom_popup_navigates_parent_for_google_sso: assert window.open of
  accounts.google.com/v3/signin/identifier from zoom is rerouted to
  the parent webview rather than the system browser
- zoom_allowed_hosts_covers_google_oauth: assert url_is_internal("zoom",
  ...) accepts accounts.google.com, oauth2.googleapis.com, and
  www.googleapis.com — the hosts touched by the post-popup OAuth chain

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@oxoxDev oxoxDev requested a review from a team May 7, 2026 10:56

coderabbitai Bot commented May 7, 2026

Walkthrough

Zoom is now classified as a Google-SSO-supporting provider in the embedded-webview account integration. The allowed-host list for Zoom is expanded to explicitly permit Google OAuth and identity domains. Unit tests verify allowed-host coverage, Google SSO support status, and popup-navigation behavior for Zoom Google-auth flows.

Changes

Zoom Google SSO Support in Embedded Webview

| Layer / File(s) | Summary |
| --- | --- |
| Host Allowlist Configuration (app/src-tauri/src/webview_accounts/mod.rs) | Zoom's provider_allowed_hosts expanded from a coarse list to include explicit Google identity/OAuth domains (accounts.google.com, googleapis.com, gstatic.com, etc.) required for Google sign-in flows. |
| Google SSO Provider Logic (app/src-tauri/src/webview_accounts/mod.rs) | provider_supports_google_sso function updated to return true for "zoom" in addition to "google-meet" and "slack", enabling popup-navigate-parent behavior for Zoom Google-auth popups. |
| Tests & Verification (app/src-tauri/src/webview_accounts/mod.rs) | New unit tests added covering Zoom's internal URL classification for Google OAuth endpoints, Zoom's Google SSO support flag, and popup-navigate-parent behavior; provider_supports_google_sso_matrix test updated to assert Zoom is supported. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

  • tinyhumansai/openhuman#1249: Modifies provider_supports_google_sso and provider_allowed_hosts in the same file with Google-SSO popup/navigation test updates.
  • tinyhumansai/openhuman#1080: Adds Zoom deep-link scheme suppression/rewrites while this PR expands Zoom's Google identity host allowlist.
  • tinyhumansai/openhuman#1054: Modifies webview_accounts provider-specific popup/navigation and allowlist/SSO handling for Zoom and other providers.

Poem

🐰 A Zoom in the Google Lane
Zoom now speaks the Google tongue,
With OAuth domains, singing along—
No more error three-oh's! The popup flies true,
Inside the webview, the session stays glued. ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the main fix: preventing Zoom's Google sign-in from escaping to the system browser, matching the primary change in the changeset. |
| Linked Issues check | ✅ Passed | The pull request addresses all primary coding requirements from issue #1294: adds Zoom to Google SSO provider logic, extends allowed hosts for Google OAuth, and implements unit tests covering the fix with ≥80% diff coverage. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to fixing Zoom's Google sign-in escape issue; no unrelated refactoring, dependency updates, or out-of-scope modifications detected in the changeset. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |


@senamakel senamakel merged commit b7f743d into tinyhumansai:main May 7, 2026
21 of 23 checks passed

Development

Successfully merging this pull request may close these issues.

Zoom Google sign-in redirects to the browser and fails with error 300