Skip to content

feat: allow existing query params in oidc redirect uri#1003

Merged
steveiliop56 merged 3 commits into
mainfrom
feat/oidc-query-params-in-redirect-uri
Jul 14, 2026
Merged

feat: allow existing query params in oidc redirect uri#1003
steveiliop56 merged 3 commits into
mainfrom
feat/oidc-query-params-in-redirect-uri

Conversation

@steveiliop56

@steveiliop56 steveiliop56 commented Jul 14, 2026

Copy link
Copy Markdown
Member

Fixes #995

Summary by CodeRabbit

  • Bug Fixes
    • Improved OIDC authorization redirect handling by preserving existing callback query parameters while adding the authorization code, and state when present.
    • Ensured OIDC error responses correctly include error details and optionally state using the callback URL query when applicable.
    • Added clearer failure behavior when redirect/callback URLs can’t be parsed, including structured JSON error responses and aborting on callback URL parse failures.

@dosubot dosubot Bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Jul 14, 2026
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 5d04db68-6de4-4508-8100-c7cc729de6ae

📥 Commits

Reviewing files that changed from the base of the PR and between e75605b and 9bb3a9d.

📒 Files selected for processing (1)
  • internal/controller/oidc_controller.go

📝 Walkthrough

Walkthrough

OIDC authorization success and callback error flows now parse redirect URIs with net/url, update query parameters directly, and serialize the resulting URLs. Parse failures return explicit authorization errors or HTTP 500 responses.

Changes

OIDC redirect handling

Layer / File(s) Summary
Parse and update OIDC redirects
internal/controller/oidc_controller.go
authorizeComplete adds code and optional state to parsed redirect URIs, while callback errors add error, optional error_description, and state; parsing failures receive explicit handling.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: preserving existing OIDC redirect URI query parameters.
Linked Issues check ✅ Passed The changes address #995 by parsing existing redirect URIs and appending code/state correctly when query params already exist.
Out of Scope Changes check ✅ Passed The added callback URL parsing stays within OIDC redirect/error handling and there are no obvious unrelated changes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/oidc-query-params-in-redirect-uri

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jul 14, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 60.86957% with 9 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
internal/controller/oidc_controller.go 60.86% 8 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/controller/oidc_controller.go`:
- Around line 349-360: The redirect-URI parse error branch must stop execution
and avoid reusing the invalid callback URL. In the `url.Parse` error handling
around `authorizeError`, add an immediate return and omit
`authorizeReq.RedirectURI` from the callback-related fields so `authorizeError`
uses its internal JSON error fallback instead of parsing the invalid URL again.
- Line 364: Update the state query construction in authorizeError to set the
"state" parameter only when authorizeReq.State is non-empty, preserving omission
of the parameter for empty state values while retaining it for populated values.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 4f305144-862d-4537-bd42-92fa6eb79af9

📥 Commits

Reviewing files that changed from the base of the PR and between e75605b and ceb5e05.

📒 Files selected for processing (1)
  • internal/controller/oidc_controller.go

Comment thread internal/controller/oidc_controller.go
Comment thread internal/controller/oidc_controller.go Outdated
Rycochet
Rycochet previously approved these changes Jul 14, 2026
@dosubot dosubot Bot added the lgtm This PR has been approved by a maintainer label Jul 14, 2026
@steveiliop56

Copy link
Copy Markdown
Member Author

@coderabbitai full review

@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor
✅ Action performed

Full review finished.

@steveiliop56 steveiliop56 merged commit d946926 into main Jul 14, 2026
5 checks passed
@steveiliop56 steveiliop56 deleted the feat/oidc-query-params-in-redirect-uri branch July 14, 2026 13:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

lgtm This PR has been approved by a maintainer size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG] Existing URL param in redirect uri causes issues

2 participants