Merged
5 changes: 5 additions & 0 deletions .changeset/three-flowers-sneeze.md
@@ -0,0 +1,5 @@
---
'@asgardeo/react': patch
---

Fix OAuth redirection handling in invite flow
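
Review bot: the summary line "Fix OAuth redirection handling in invite flow" names the area but not the behaviour that changed. This text becomes the changelog entry for '@asgardeo/react', so consider stating it concretely, for example that the accept-invite component now performs the OAuth redirect when the flow response has type REDIRECTION.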
@@ -634,6 +634,15 @@ const BaseAcceptInvite: FC<BaseAcceptInviteProps> = ({

await setChallengeToken(response.challengeToken ?? null);

if (response.type === 'REDIRECTION') {
const redirectURL: any = response.data?.redirectURL || (response as any)?.redirectURL;

if (redirectURL && typeof window !== 'undefined') {
initiateOAuthRedirect(redirectURL);
return;
}
}
Comment on lines +637 to +644

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fail fast when REDIRECTION is returned without a usable URL.

At Line 637, if response.type is REDIRECTION but redirectURL is missing/empty, execution falls through and may lead to a dead-end UI. Treat this as an error and return early.

Suggested patch
         if (response.type === 'REDIRECTION') {
           const redirectURL: any = response.data?.redirectURL || (response as any)?.redirectURL;

           if (redirectURL && typeof window !== 'undefined') {
             initiateOAuthRedirect(redirectURL);
             return;
           }
+
+          setIsTokenInvalid(true);
+          handleError(new Error('Invalid redirection response: missing redirect URL.'));
+          return;
         }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/react/src/components/presentation/auth/AcceptInvite/v2/BaseAcceptInvite.tsx`
around lines 637 - 644, The REDIRECTION branch in BaseAcceptInvite.tsx currently
falls through when response.type === 'REDIRECTION' but redirectURL is missing;
update the handler for response.type === 'REDIRECTION' to treat a missing/empty
redirectURL as an error: detect redirectURL (from response.data?.redirectURL ||
(response as any)?.redirectURL), and if falsy, log or set an error state and
return early instead of continuing, otherwise call
initiateOAuthRedirect(redirectURL) as before; ensure you reference the same
symbols (response.type, redirectURL, initiateOAuthRedirect) and exit the
function after handling the error case to avoid leaving the UI in a dead-end
state.


// Check for error (invalid token)
if (response.flowStatus === 'ERROR') {
setIsTokenInvalid(true);
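
Review bot: in the added REDIRECTION branch, redirectURL is typed any and handed to initiateOAuthRedirect after only a truthiness check, so a non-string value or a URL with an unexpected scheme or host in the response would be passed on as-is unless initiateOAuthRedirect validates it, which these lines do not show. Suggest typing it as string, parsing it with new URL(...), and requiring the https: scheme (and, where the deployment allows, an expected origin) before redirecting, with anything else going down the error path. The double lookup response.data?.redirectURL || (response as any)?.redirectURL also suggests the response type does not model this field; adding it to the type would remove the need for any here.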