From 7da1fcb861b9d975f9e7e3cf559ea544b0947e32 Mon Sep 17 00:00:00 2001
From: Jasper Siepkes <siepkes@serviceplanet.nl>
Date: Thu, 7 Mar 2024 11:08:51 +0100
Subject: [PATCH] Fix OpenBao OIDC followed by Google OIDC not working on
 Android

This fixes the issue when having an Android app authenticate with the
OpenBoa OIDC identity provider and having OpenBao in turn authenticate
the user with Google OIDC the redirect back to the Android app from
OpenBao doesn't work. So after logging in with Google you get correctly
redirected to OpenBao but then OpenBAO doesn't redirect back to the app.
Chrome (104) on Android would show the logo loading animation forever.

This code was originally developed by @prajnamohan1 while working at
Service Planet Rotterdam B.V.. I, Jasper Siepkes, in my capacity of
IT Manager at Service Planet Rotterdam B.V. herby grant permission to
use this code under the MPL-2.0 license.

Resolves: openbao#184
Signed-off-by: Jasper Siepkes <siepkes@serviceplanet.nl>
---
 changelog/184.txt                                |  3 +++
 ui/app/routes/vault/cluster/oidc-provider.js     | 12 ++++++------
 ui/app/templates/vault/cluster/oidc-provider.hbs |  4 +++-
 ui/tests/acceptance/oidc-provider-test.js        |  9 ++++++---
 4 files changed, 18 insertions(+), 10 deletions(-)
 create mode 100644 changelog/184.txt

diff --git a/changelog/184.txt b/changelog/184.txt
new file mode 100644
index 0000000000..85b08029a6
--- /dev/null
+++ b/changelog/184.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: The latest versions of Chrome do not automatically redirect back to an Android app after multiple redirects during an OIDC authentication flow. A link was added to allow the user to manually redirect back to the app.
+```
diff --git a/ui/app/routes/vault/cluster/oidc-provider.js b/ui/app/routes/vault/cluster/oidc-provider.js
index 849d07e799..34a0da8bf5 100644
--- a/ui/app/routes/vault/cluster/oidc-provider.js
+++ b/ui/app/routes/vault/cluster/oidc-provider.js
@@ -94,17 +94,17 @@ export default class VaultClusterOidcProviderRoute extends Route {
   _handleSuccess(response, baseUrl, state) {
     const { code } = response;
     const redirectUrl = this._buildUrl(baseUrl, { code, state });
-    if (Ember.testing) {
-      return { redirectUrl };
+    if (!Ember.testing) {
+      this.win.location.replace(redirectUrl);
     }
-    this.win.location.replace(redirectUrl);
+    return { redirectUrl };
   }
   _handleError(errorResp, baseUrl) {
     const redirectUrl = this._buildUrl(baseUrl, { ...errorResp });
-    if (Ember.testing) {
-      return { redirectUrl };
+    if (!Ember.testing) {
+      this.win.location.replace(redirectUrl);
     }
-    this.win.location.replace(redirectUrl);
+    return { redirectUrl };
   }
 
   /**
diff --git a/ui/app/templates/vault/cluster/oidc-provider.hbs b/ui/app/templates/vault/cluster/oidc-provider.hbs
index b619e82f7c..49e67e6261 100644
--- a/ui/app/templates/vault/cluster/oidc-provider.hbs
+++ b/ui/app/templates/vault/cluster/oidc-provider.hbs
@@ -14,7 +14,9 @@
           @onSuccess={{this._handleSuccess}}
         />
       {{else if this.model.redirectUrl}}
-        <div data-test-oidc-redirect>{{this.model.redirectUrl}}</div>
+        <VaultLogoSpinner />
+        <p>If you are not automatically redirected,
+          <a href={{this.model.redirectUrl}} data-test-oidc-redirect>click here to go back to app.</a></p>
       {{else}}
         <VaultLogoSpinner />
       {{/if}}
diff --git a/ui/tests/acceptance/oidc-provider-test.js b/ui/tests/acceptance/oidc-provider-test.js
index 24acdc696e..60d48db787 100644
--- a/ui/tests/acceptance/oidc-provider-test.js
+++ b/ui/tests/acceptance/oidc-provider-test.js
@@ -164,10 +164,11 @@ module('Acceptance | oidc provider', function (hooks) {
     await authFormComponent.login();
     await settled();
     assert.strictEqual(currentURL(), url, 'URL is as expected after login');
-    assert.dom('[data-test-oidc-redirect]').exists('redirect text exists');
     assert
       .dom('[data-test-oidc-redirect]')
-      .hasTextContaining(`${callback}?code=`, 'Successful redirect to callback');
+      .hasTextContaining(`click here to go back to app`, 'Shows link back to app');
+    const link = document.querySelector('[data-test-oidc-redirect]').getAttribute('href');
+    assert.ok(link.includes('/callback?code='), 'Redirects to correct url');
 
     //* clean up test state
     await clearRecord(this.store, 'oidc/client', 'my-webapp');
@@ -192,7 +193,9 @@ module('Acceptance | oidc provider', function (hooks) {
     await settled();
     assert
       .dom('[data-test-oidc-redirect]')
-      .hasTextContaining(`${callback}?code=`, 'Successful redirect to callback');
+      .hasTextContaining(`click here to go back to app`, 'Shows link back to app');
+    const link = document.querySelector('[data-test-oidc-redirect]').getAttribute('href');
+    assert.ok(link.includes('/callback?code='), 'Redirects to correct url');
 
     //* clean up test state
     await clearRecord(this.store, 'oidc/client', 'my-webapp');