fix: static oms return uri + sessionstorage session (e2e unblock)#128
Merged
Conversation
Code reviewNo issues found. Checked for bugs and CLAUDE.md compliance. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to the SDK migration (PR #127), fixing the live e2e blocker.
The Google login was rejected server-side by the WaaS relay with "redirect not in allowlist". Root cause: our
omsRelayReturnUricarried a per-login?s=<session>query, and OAuth redirect matching is exact, so a dynamic query can never match the static allowlisted/login. (Confirmed by probing:startOidcRedirectAuthaccepts any URI; the check is server-side at the relay callback.)Fix: use the static
${loginUI}/loginas the return URI and carry the pairing session insessionStorageacross the OAuth round-trip (standard OAuth-SPA pattern, needed for production regardless).isRelayReturnnow keys on the OAuth callback params (code/state/error) rather than the removed?s=.25/25 UI tests, 22/22 CLI tests. Merging redeploys the staging agentconnect UI (only the UI + CLI changed; relay untouched).
🤖 Generated with Claude Code