Skip to content

fix: static oms return uri + sessionstorage session (e2e unblock)#128

Merged
JamesLawton merged 1 commit into
stagingfrom
feat/oms-wallet-sdk-migration
Jul 16, 2026
Merged

fix: static oms return uri + sessionstorage session (e2e unblock)#128
JamesLawton merged 1 commit into
stagingfrom
feat/oms-wallet-sdk-migration

Conversation

@JamesLawton

Copy link
Copy Markdown
Collaborator

Follow-up to the SDK migration (PR #127), fixing the live e2e blocker.

The Google login was rejected server-side by the WaaS relay with "redirect not in allowlist". Root cause: our omsRelayReturnUri carried a per-login ?s=<session> query, and OAuth redirect matching is exact, so a dynamic query can never match the static allowlisted /login. (Confirmed by probing: startOidcRedirectAuth accepts any URI; the check is server-side at the relay callback.)

Fix: use the static ${loginUI}/login as the return URI and carry the pairing session in sessionStorage across the OAuth round-trip (standard OAuth-SPA pattern, needed for production regardless). isRelayReturn now keys on the OAuth callback params (code/state/error) rather than the removed ?s=.

25/25 UI tests, 22/22 CLI tests. Merging redeploys the staging agentconnect UI (only the UI + CLI changed; relay untouched).

🤖 Generated with Claude Code

@JamesLawton
JamesLawton merged commit 0a53547 into staging Jul 16, 2026
2 of 3 checks passed
@JamesLawton
JamesLawton deleted the feat/oms-wallet-sdk-migration branch July 16, 2026 15:43
@claude

claude Bot commented Jul 16, 2026

Copy link
Copy Markdown

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant