feat(controlplane): render branded HTML page with copy button for OIDC token#3124
Open
migmartri wants to merge 2 commits into
Open
feat(controlplane): render branded HTML page with copy button for OIDC token#3124migmartri wants to merge 2 commits into
migmartri wants to merge 2 commits into
Conversation
…C token Replace the plain-text token output with a self-contained HTML page when the OIDC callback flow has no client callback URL (CLI manual login). The page shows the JWT in a styled <code> block and provides a Copy Token button that uses the Clipboard API. Cache-Control: no-store and Referrer-Policy: no-referrer prevent the bearer token from leaking via caches or the Referer header. The token stays in the response body and is never placed in the URL. Assisted-by: Claude Code Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
navigator.clipboard.writeText only works in a secure context (HTTPS or
localhost), so it fails on plain HTTP deployments. Fall back to a hidden
textarea + document.execCommand('copy') so the Copy Token button works
on insecure origins as well.
Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When the OIDC callback flow has no client callback URL (CLI manual login flow), the control plane previously returned a plain-text response containing the JWT. This change replaces it with a self-contained, branded HTML page that:
<code>block.Cache-Control: no-storeandReferrer-Policy: no-referrerso the bearer token does not leak via caches or the Referer header.The behavior when a client callback URL is provided is unchanged.
🤖 Assisted-by: Claude Code