|
1 | 1 | "use client"; |
2 | 2 |
|
3 | | -import React, { createContext, useContext, useEffect, useState, ReactNode } from "react"; |
4 | | -import { getCurrentUser, CurrentUser, AuthStatus } from "@/app/actions/auth"; |
| 3 | +import React, { createContext, useContext, useEffect, useState, type ReactNode } from "react"; |
| 4 | +import { getCurrentUser, type CurrentUser, type AuthStatus } from "@/app/actions/auth"; |
5 | 5 |
|
6 | | -// oauth2-proxy endpoint that (re)starts the OIDC flow. Mirrors the branded |
7 | | -// login page's SSO_REDIRECT_PATH. |
8 | | -const SSO_REAUTH_PATH = process.env.NEXT_PUBLIC_SSO_REAUTH_PATH || "/oauth2/start"; |
| 6 | +// oauth2-proxy endpoint that (re)starts the OIDC flow. Client components can only |
| 7 | +// read NEXT_PUBLIC_* env vars at runtime, so this mirrors the server-side |
| 8 | +// SSO_REDIRECT_PATH (used by the login page) via NEXT_PUBLIC_SSO_REDIRECT_PATH, |
| 9 | +// which the Helm chart injects from ui.auth.ssoRedirectPath. |
| 10 | +const SSO_REDIRECT_PATH = process.env.NEXT_PUBLIC_SSO_REDIRECT_PATH || "/oauth2/start"; |
9 | 11 | // Guards against redirect loops if re-auth keeps returning a stale token. |
10 | 12 | const REAUTH_GUARD_KEY = "kagent_reauth_attempt"; |
11 | 13 | const REAUTH_GUARD_WINDOW_MS = 10_000; |
@@ -60,7 +62,7 @@ export function AuthProvider({ children }: { children: ReactNode }) { |
60 | 62 | } |
61 | 63 | sessionStorage.setItem(REAUTH_GUARD_KEY, String(Date.now())); |
62 | 64 | const rd = encodeURIComponent(window.location.pathname + window.location.search); |
63 | | - window.location.href = `${SSO_REAUTH_PATH}?rd=${rd}`; |
| 65 | + window.location.assign(`${SSO_REDIRECT_PATH}?rd=${rd}`); |
64 | 66 | }, [isLoading, status]); |
65 | 67 |
|
66 | 68 | useEffect(() => { |
|
0 commit comments