Skip to content

refactor(fe): replace route-based authorize views with store-driven rendering#3781

Open
sea-snake wants to merge 4 commits intosea-snake/request-driven-flowfrom
sea-snake/unified-authorize-route
Open

refactor(fe): replace route-based authorize views with store-driven rendering#3781
sea-snake wants to merge 4 commits intosea-snake/request-driven-flowfrom
sea-snake/unified-authorize-route

Conversation

@sea-snake
Copy link
Copy Markdown
Contributor

@sea-snake sea-snake commented Apr 16, 2026
edited
Loading

The authorize flow previously used three route groups with child routes to render different views — making the flow scattered and hard to follow. Users navigated between /authorize, /authorize/continue, and /authorize/upgrade-success, with separate routes for OpenID init and resume flows.

This PR consolidates everything into a single /authorize route. URL search params (?openid=<issuer>, ?flow=openid-resume) determine the channel establishment mode, and store state drives which view renders — no more child route navigation.

Changes

  • Single /authorize route replaces three route groups. (channel), (pending-channel), and (resuming-channel) are deleted. One layout handles all channel modes based on URL params.
  • Store-driven view selection. The page renders views based on store state priority: authorized → redirect animation, OpenID resume processing → redirect animation, upgrade success → countdown, selected identity → account selection, default → auth wizard.
  • Extracted view components. AuthWizardView, ContinueView, UpgradeSuccessView, and RedirectAnimationView are co-located with the route under authorize/views/.
  • Unified redirect animation. The animated SVG progress screen from the OpenID resume flow replaces the old ProgressRing redirect screen, with a breathing pulse after the draw completes and a 10s fallback dialog.
  • Promise-based authorization. authorize() accepts Promise<bigint | undefined> so the redirect animation can start immediately while account resolution continues in the background.
  • Views use props instead of store access. ContinueView and UpgradeSuccessView receive effectiveOrigin and onAuthorize as props rather than importing authorization stores directly.
  • OpenID init logic inlined. The redirect-to-provider logic runs in onMount — no separate component for something that doesn't render.
← Previous: #3777
Next: #3790

@sea-snake sea-snake requested a review from a team as a code owner April 16, 2026 09:04
@sea-snake sea-snake mentioned this pull request Apr 16, 2026
Open
@sea-snake sea-snake requested review from aterga and Copilot April 16, 2026 09:20
Copilot AI reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors the new-styling authorization UX by consolidating multiple route groups into a single /authorize route and switching view selection to be driven primarily by store state (and URL search params for OpenID init/resume), including a unified redirect animation and a promise-based authorization handoff.

Changes:

  • Consolidates route-based authorize flow into a single /authorize page/layout with store-driven rendering.
  • Adds OpenID init/resume handling via URL search params and inlined onMount logic.
  • Introduces a unified redirect animation view and updates authorization to accept Promise<bigint | undefined>.

Reviewed changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
src/frontend/src/routes/(new-styling)/callback/+page.svelte Redirect OpenID callback handling to /authorize with flow=openid-resume.
src/frontend/src/routes/(new-styling)/authorize/+page.ts Adds load-time flow detection for normal/OpenID init/OpenID resume.
src/frontend/src/routes/(new-styling)/authorize/+layout.svelte New unified authorize layout handling channel establishment, errors, and shared chrome.
src/frontend/src/routes/(new-styling)/authorize/+page.svelte New single authorize page selecting views by store state and flow.
src/frontend/src/routes/(new-styling)/authorize/views/AuthWizardView.svelte Extracts auth wizard view and switches to prop-driven handlers.
src/frontend/src/routes/(new-styling)/authorize/views/ContinueView.svelte Refactors continue/account-selection view to use props and promise-based authorization.
src/frontend/src/routes/(new-styling)/authorize/views/UpgradeSuccessView.svelte Refactors upgrade-success view to call an injected onAuthorize handler.
src/frontend/src/routes/(new-styling)/authorize/views/RedirectAnimationView.svelte Adds new shared redirect animation view with 10s fallback dialog.
src/frontend/src/lib/utils/reroute.ts Removes reroute special-casing for ?openid=... since /authorize now handles it.
src/frontend/src/lib/stores/channelHandlers/delegation.ts Awaits promised account number concurrently with authentication before delegating.
src/frontend/src/lib/stores/authorization.store.ts Changes authorized payload to hold a promise-based account number.
src/frontend/src/routes/(new-styling)/(resuming-channel)/resume-openid-authorize/+page.svelte Removes obsolete OpenID resume route page.
src/frontend/src/routes/(new-styling)/(resuming-channel)/+layout.svelte Removes obsolete resuming-channel layout.
src/frontend/src/routes/(new-styling)/(pending-channel)/init-openid-authorize/+page.ts Removes obsolete OpenID init load route.
src/frontend/src/routes/(new-styling)/(pending-channel)/init-openid-authorize/+page.svelte Removes obsolete OpenID init redirect page.
src/frontend/src/routes/(new-styling)/(pending-channel)/+layout.svelte Removes obsolete pending-channel layout.
src/frontend/src/routes/(new-styling)/(channel)/authorize/upgrade-success/+layout.ts Removes obsolete route guard for upgrade-success child route.
src/frontend/src/routes/(new-styling)/(channel)/authorize/+layout.svelte Removes obsolete channel/authorize layout (including old redirect screen).
src/frontend/src/routes/(new-styling)/(channel)/authorize/(panel)/+page.ts Removes obsolete first-visit redirect logic to /authorize/continue.
src/frontend/src/routes/(new-styling)/(channel)/authorize/(panel)/+layout.svelte Removes obsolete panel layout wrapper for authorize flow.
src/frontend/src/routes/(new-styling)/(channel)/+layout.svelte Removes obsolete channel layout now replaced by unified /authorize layout.
Comments suppressed due to low confidence (1)

src/frontend/src/routes/(new-styling)/authorize/views/ContinueView.svelte:109

  • accountNumberPromise can reject (e.g., get_default_account/throwCanisterError), but it's passed to onAuthorize without being awaited/handled. That means the UI commits to the authorized/redirect-animation state even if account resolution fails, and the error won't be surfaced by this try/catch. Consider resolving the account number before calling onAuthorize, or ensure the promise passed to onAuthorize never rejects (e.g., handle errors before authorizing and avoid setting authorized state on failure).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/frontend/src/routes/(new-styling)/authorize/views/RedirectAnimationView.svelte
Comment thread src/frontend/src/routes/(new-styling)/authorize/+layout.svelte
Comment thread src/frontend/src/routes/(new-styling)/authorize/+page.svelte
This was referenced Apr 20, 2026
Closed
Open
@sea-snake sea-snake force-pushed the sea-snake/request-driven-flow branch from 808939e to c5ece6e Compare April 20, 2026 14:45
@sea-snake sea-snake force-pushed the sea-snake/unified-authorize-route branch from 2a3f202 to 62de7bb Compare April 20, 2026 14:52
@sea-snake sea-snake force-pushed the sea-snake/request-driven-flow branch 3 times, most recently from 6cc5f0f to 824ac47 Compare April 20, 2026 15:28
@sea-snake sea-snake force-pushed the sea-snake/unified-authorize-route branch from 62de7bb to 0d7f581 Compare April 20, 2026 15:31
@sea-snake sea-snake force-pushed the sea-snake/request-driven-flow branch from 824ac47 to 5443c5f Compare April 20, 2026 16:15
@sea-snake
refactor(fe): unified /authorize route with store-driven rendering
f6739ec 
Replace three route groups (channel, pending-channel, resuming-channel)
with a single /authorize route. URL params determine the channel mode,
store state drives which view renders — no child route navigation.
@sea-snake
fix(fe): don't render views during openid-init redirect
85c79d0
@sea-snake
fix(fe): breathing animation on redirect, use in-only transitions
a1bc6e8
@sea-snake
fix(fe): add rel noopener noreferrer to redirect animation link
7d43bc7
@sea-snake sea-snake force-pushed the sea-snake/unified-authorize-route branch from 0d7f581 to 7d43bc7 Compare April 20, 2026 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aterga aterga Awaiting requested review from aterga

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sea-snake