refactor: OAuth redirectUri 동적 처리로 변경#411
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Code Review
This pull request simplifies the OAuth login flow by dynamically using window.location.origin for redirect URIs and next URLs, removing hardcoded stage and production domain checks. It also updates the useOAuthLogin hook to accept and pass the redirectUri parameter. However, a critical concern was raised regarding whether the admin domains are registered with the OAuth providers and if the admin application has a /callback route, as using window.location.origin dynamically could lead to redirect URI mismatches or 404 errors.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
There was a problem hiding this comment.
Pull request overview
This PR refactors the OAuth flow to stop relying on hardcoded environment-origin lists and instead derive redirectUri (and post-login redirect targets) from window.location.origin, so newly added environments won’t require front-end code changes to keep OAuth working.
Changes:
LoginButtonnow buildsredirectUridynamically from the browser origin instead of stage/production allowlists.useOAuthLoginmutation payload changes fromcode: stringto{ code, redirectUri }.CallbackPagenow sendsredirectUriin the login request and dynamically determines the post-login redirect URL.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| packages/ui/src/components/LoginButton/index.tsx | Removes hardcoded origin mapping and builds OAuth redirect URI from runtime origin. |
| packages/api/src/hooks/auth/useOAuthLogin.ts | Updates OAuth login mutation to accept a structured payload including redirectUri. |
| apps/client/src/pageContainer/CallbackPage/index.tsx | Sends dynamic redirectUri to the login mutation and makes post-login redirect dynamic. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
env 변수 기반 판별이 로컬에서도 stage API를 가리켜 잘못된 환경으로 분류되던 문제를 실제 요청 host와 origin을 기준으로 판별하도록 변경 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
어드민 환경에서 로그인 후 isAdmin 판변 과정에서 stage로 변경되는 문제점이 있어 해결하였습니다. |
개요 💡
기존에 환경별로 하드코딩된
redirectUri목록을 제거하고,window.location.origin을 기반으로 동적으로 생성하도록 변경합니다.새로운 환경이 추가될 때마다 프론트엔드 코드를 수정할 필요 없이 자동으로 올바른
redirectUri가 설정됩니다.작업내용 ⌨️
LoginButton: stage/production origin 하드코딩 목록 제거 →window.location.origin/callback동적 설정useOAuthLogin: mutation payload를string(code)에서{ code, redirectUri }구조로 변경CallbackPage:redirectUri를window.location.origin/callback으로 동적 생성하여 로그인 요청에 포함, 로그인 성공 후 리다이렉트 URL도 동적 처리로 변경