Skip to content

refactor: OAuth redirectUri 동적 처리로 변경#411

Merged
yeondon125 merged 3 commits into
developfrom
feat/dynamic-oauth-redirect-uri
Jun 7, 2026
Merged

refactor: OAuth redirectUri 동적 처리로 변경#411
yeondon125 merged 3 commits into
developfrom
feat/dynamic-oauth-redirect-uri

Conversation

@yeondon125

Copy link
Copy Markdown
Member

개요 💡

기존에 환경별로 하드코딩된 redirectUri 목록을 제거하고, window.location.origin을 기반으로 동적으로 생성하도록 변경합니다.
새로운 환경이 추가될 때마다 프론트엔드 코드를 수정할 필요 없이 자동으로 올바른 redirectUri가 설정됩니다.

작업내용 ⌨️

  • LoginButton: stage/production origin 하드코딩 목록 제거 → window.location.origin/callback 동적 설정
  • useOAuthLogin: mutation payload를 string(code)에서 { code, redirectUri } 구조로 변경
  • CallbackPage: redirectUriwindow.location.origin/callback으로 동적 생성하여 로그인 요청에 포함, 로그인 성공 후 리다이렉트 URL도 동적 처리로 변경

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request simplifies the OAuth login flow by dynamically using window.location.origin for redirect URIs and next URLs, removing hardcoded stage and production domain checks. It also updates the useOAuthLogin hook to accept and pass the redirectUri parameter. However, a critical concern was raised regarding whether the admin domains are registered with the OAuth providers and if the admin application has a /callback route, as using window.location.origin dynamically could lead to redirect URI mismatches or 404 errors.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread packages/ui/src/components/LoginButton/index.tsx Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors the OAuth flow to stop relying on hardcoded environment-origin lists and instead derive redirectUri (and post-login redirect targets) from window.location.origin, so newly added environments won’t require front-end code changes to keep OAuth working.

Changes:

  • LoginButton now builds redirectUri dynamically from the browser origin instead of stage/production allowlists.
  • useOAuthLogin mutation payload changes from code: string to { code, redirectUri }.
  • CallbackPage now sends redirectUri in the login request and dynamically determines the post-login redirect URL.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
packages/ui/src/components/LoginButton/index.tsx Removes hardcoded origin mapping and builds OAuth redirect URI from runtime origin.
packages/api/src/hooks/auth/useOAuthLogin.ts Updates OAuth login mutation to accept a structured payload including redirectUri.
apps/client/src/pageContainer/CallbackPage/index.tsx Sends dynamic redirectUri to the login mutation and makes post-login redirect dynamic.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/ui/src/components/LoginButton/index.tsx Outdated
yeondon125 and others added 2 commits June 4, 2026 03:13
env 변수 기반 판별이 로컬에서도 stage API를 가리켜 잘못된 환경으로
분류되던 문제를 실제 요청 host와 origin을 기준으로 판별하도록 변경

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@yeondon125

Copy link
Copy Markdown
Member Author

c588711

어드민 환경에서 로그인 후 isAdmin 판변 과정에서 stage로 변경되는 문제점이 있어 해결하였습니다.

@junjuny0227 junjuny0227 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

수고하셨습니다

@s2yeons s2yeons left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

수고하셨습니다.

@yeondon125 yeondon125 merged commit a3bee84 into develop Jun 7, 2026
2 checks passed
@yeondon125 yeondon125 deleted the feat/dynamic-oauth-redirect-uri branch June 7, 2026 23:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants