Skip to content

feat: implement authorization code flow for hca prod (ma-prod) (#4850)#4853

Merged
NoopDog merged 1 commit into
mainfrom
fran/4850-hca-prod-auth-code-flow
May 26, 2026
Merged

feat: implement authorization code flow for hca prod (ma-prod) (#4850)#4853
NoopDog merged 1 commit into
mainfrom
fran/4850-hca-prod-auth-code-flow

Conversation

@frano-m
Copy link
Copy Markdown
Contributor

@frano-m frano-m commented May 26, 2026

Summary

  • Switches HCA prod (ma-prod) Google OAuth from implicit to authorization code flow.
  • New client ID provisioned for the auth-code flow on the same Google Cloud project.
  • Mirrors the ma-dev migration: replaces `GOOGLE_PROVIDER` const with a `getGoogleProvider(dataSourceUrl)` factory that derives the `authorize` endpoint from the Azul base URL (`https://service.azul.data.humancellatlas.org/user/authorize\`).
  • Propagates `dataSourceUrl` through `getAuthentication` and `config.ts` (`makeConfig` now passes `DATA_URL` into `getAuthentication`).

Closes #4850

Test plan

  • Sign in to prod HCA Data Browser and complete the Terra OAuth round-trip
  • Sign out cleanly
  • Refresh-token flow exercised end-to-end via Azul

🤖 Generated with Claude Code

@frano-m frano-m requested a review from Copilot May 26, 2026 06:15
Copilot AI reviewed May 26, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the HCA DCP ma-prod site configuration to use Google OAuth’s authorization code flow (instead of implicit), mirroring the existing ma-dev approach and deriving the Azul authorize endpoint from the configured DATA_URL.

Changes:

  • Switch ma-prod Google OAuth configuration to OAUTH_FLOW.AUTHORIZATION_CODE with the newly provisioned prod client ID.
  • Replace the ma-prod GOOGLE_PROVIDER constant with getGoogleProvider(dataSourceUrl) to derive authorize from the Azul base URL.
  • Thread DATA_URL through config.tsgetAuthentication(dataSourceUrl)getGoogleProvider(dataSourceUrl).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
site-config/hca-dcp/ma-prod/config.ts Passes DATA_URL into getAuthentication so auth endpoints can be derived from the Azul base URL.
site-config/hca-dcp/ma-prod/authentication/constants.ts Introduces getGoogleProvider(dataSourceUrl) using auth-code flow and the new prod Google client ID; derives authorize from Azul.
site-config/hca-dcp/ma-prod/authentication/authentication.ts Updates getAuthentication signature to accept dataSourceUrl and uses getGoogleProvider.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@frano-m frano-m marked this pull request as ready for review May 26, 2026 06:19
@frano-m @claude
feat: implement authorization code flow for hca prod (ma-prod) (#4850)
0ab61c8 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@frano-m frano-m force-pushed the fran/4850-hca-prod-auth-code-flow branch from 8925c55 to 0ab61c8 Compare May 26, 2026 06:37
@NoopDog NoopDog merged commit 381848c into main May 26, 2026
3 checks passed
@github-actions github-actions Bot mentioned this pull request May 26, 2026
Open
@frano-m frano-m deleted the fran/4850-hca-prod-auth-code-flow branch May 26, 2026 09:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@NoopDog NoopDog NoopDog approved these changes

Assignees

@NoopDog NoopDog

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement authorization code flow for HCA prod (ma-prod)

3 participants

@frano-m @NoopDog