client: Parse auth callback query parameters before showing sign-in success page (#36440)

This PR fixes an issue where we would redirect the user's browser to the
sign-in success page even if the OAuth callback was malformed.

We now parse the OAuth callback parameters from the query string and
only redirect to the sign-in success page when they are valid.

Release Notes:

- Updated the sign-in flow to not show the sign-in success page
prematurely.
This commit is contained in:
Marshall Bowers 2025-08-18 15:57:28 -04:00 committed by GitHub
parent 3a3df5c011
commit 50819a9d20
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 16 additions and 11 deletions

1
Cargo.lock generated
View file

@ -3070,6 +3070,7 @@ dependencies = [
"schemars",
"serde",
"serde_json",
"serde_urlencoded",
"settings",
"sha2",
"smol",