feat: add OAuthGate component for user-level OAuth connections#17
Open
rishikesh-major wants to merge 16 commits intomainfrom
Open
feat: add OAuthGate component for user-level OAuth connections#17rishikesh-major wants to merge 16 commits intomainfrom
rishikesh-major wants to merge 16 commits intomainfrom
Conversation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The deployed app handles OAuth entirely on its own via the OAuthGate server component and x-major-user-jwt. No need to delegate to the parent shell when running inside the dashboard iframe. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
RESOURCE_API_URL is pod-reachable for server-side status checks. RESOURCE_API_BROWSER_URL is browser-reachable for OAuth redirect links. Locally these differ (host.docker.internal vs localhost). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move JSX out of try/catch in oauth-gate.tsx (react-hooks/error-boundaries) - Use lazy useState initializer instead of useEffect+setState in oauth-gate-screen.tsx (react-hooks/set-state-in-effect) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The OAuthGate sign-in button was navigating directly to the go-api auth-url endpoint, which returns JSON. Now it fetches the endpoint, extracts the actual Google OAuth URL, and redirects to that. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The auth-url endpoint requires session auth, which isn't available from the deployed app's browser context. Move URL resolution to the server component using a new internal JWT-authenticated endpoint, so the client receives actual Google OAuth URLs it can navigate to directly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Google blocks OAuth consent in iframes (403), and the redirect flow had returnUrl issues. Switch to popup-only: opens Google consent in a popup window, listens for postMessage/close, then reloads to re-check status via SSR. Works uniformly in both dashboard iframe and standalone. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the full OAuth gate UI (provider logos, branded buttons, popup management, postMessage handling) with a minimal server component that checks status and redirects to go-api's connect page. The platform-hosted connect page (go-api /user-oauth/connect) now owns all the OAuth gate UI, so the template only needs ~50 lines instead of ~200. Adding new providers no longer requires template changes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
rishikesh-major
changed the title
rishikesh-major
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds an
<OAuthGate>server component that deployed apps wrap around their root layout to gate access behind user-level OAuth connections (e.g., Google Calendar).How it works
GET /user-oauth/statuson go-api with thex-major-user-jwtheader{children}normallyconnectToken— the component redirects to the platform-hosted connect page on the Major dashboard (MAJOR_APP_URL/oauth/connect)The component is intentionally thin (~65 lines) — all OAuth UI lives on the Major platform, not in the template.
Files added
components/oauth-gate.tsx— server component (status check + redirect)Usage
The AI coder wraps the app's root layout with this component:
Environment variables
RESOURCE_API_URL— go-api public URL for the SSR status check (injected by Helm)MAJOR_APP_URL— Major dashboard URL for the connect page redirect (injected by Helm, defaults tohttp://web.localhost:1355locally)Design decisions
redirect().Companion PR
🤖 Generated with Claude Code