client: Parse auth callback query parameters before showing sign-in success page (#36440)

This PR fixes an issue where we would redirect the user's browser to the
sign-in success page even if the OAuth callback was malformed.

We now parse the OAuth callback parameters from the query string and
only redirect to the sign-in success page when they are valid.

Release Notes:

- Updated the sign-in flow to not show the sign-in success page
prematurely.
This commit is contained in:
Marshall Bowers 2025-08-18 15:57:28 -04:00 committed by GitHub
parent 3a3df5c011
commit 50819a9d20
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 16 additions and 11 deletions

View file

@ -582,6 +582,7 @@ serde_json_lenient = { version = "0.2", features = [
"raw_value",
] }
serde_repr = "0.1"
serde_urlencoded = "0.7"
sha2 = "0.10"
shellexpand = "2.1.0"
shlex = "1.3.0"