6 changes: 6 additions & 0 deletions internal/web/server.go
Expand Up @@ -2154,6 +2154,12 @@ func (s *Server) handleSettings(w http.ResponseWriter, r *http.Request) {
"LLMModel": allSettings[settings.KeyLLMModel],
"LLMMaxTokens": maxTokens,
"PublicBaseURL": allSettings[settings.KeyPublicBaseURL],
// Derived from PublicBaseURL via the same publicBaseURL() helper
// used by googleOAuthConfig.RedirectURL, so what the operator sees
// here is byte-for-byte the URL Sieve will send to OAuth providers.
// Surfacing it on the settings page is the lowest-friction way to
// avoid Error 400: redirect_uri_mismatch on the provider side.
"OAuthCallbackURL": s.publicBaseURL(r) + "/oauth/callback",
"CommandAllowlist": allSettings[settings.KeyCommandAllowlist],
"AdminTLSCertPath": allSettings[settings.KeyAdminTLSCertPath],
"AdminTLSKeyPath": allSettings[settings.KeyAdminTLSKeyPath],
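Review bot: The "byte-for-byte" guarantee in the comment is not enforced by the added line, because "OAuthCallbackURL" is built by concatenating the literal "/oauth/callback" here rather than by reading the value that googleOAuthConfig.RedirectURL actually uses. If the callback path in the OAuth config ever changes, or if PublicBaseURL is saved with a trailing slash and publicBaseURL() does not trim it, the settings page would show a URL that differs from the one sent to the provider, which is the redirect_uri_mismatch case this line is meant to prevent. Consider having both call sites share one helper or constant for the callback path. Since publicBaseURL takes r, it is also worth confirming that it never falls back to the request's Host header, so the displayed value cannot be influenced by the inbound request.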
5 changes: 5 additions & 0 deletions internal/web/templates/settings.html
Expand Up @@ -126,6 +126,11 @@ <h2 class="text-sm font-semibold text-slate-300 uppercase tracking-wider">LLM Co
placeholder="http://127.0.0.1:19816"
class="w-full rounded-lg bg-slate-700 border border-slate-600 text-white px-3 py-2.5 text-sm placeholder-slate-400 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-transparent">
<p class="text-xs text-slate-400 mt-1">Externally-visible base URL used when Sieve constructs OAuth callback / redirect / setup URLs (GitHub App manifest, Google OAuth, Slack install). Default <code class="text-slate-300">http://127.0.0.1:19816</code> matches the documented loopback production binding. Set this to your reverse-proxy URL if the admin UI is reached at a different address — never relied on inbound <code class="text-slate-300">Host</code> headers.</p>
<div class="mt-3 rounded-lg bg-slate-900/60 border border-slate-700 px-3 py-2.5">
<p class="text-xs font-semibold text-slate-300 mb-1">OAuth callback URL Sieve will send</p>
<p class="text-xs text-slate-400 leading-relaxed">Register this URL in your Google Cloud Console OAuth client (<em>Authorized redirect URIs</em>), your Slack App config, and any other OAuth provider you use. <strong class="text-slate-300">A mismatch produces <code class="text-amber-300">Error 400: redirect_uri_mismatch</code></strong> on the provider's consent screen and the user cannot complete authentication.</p>
<code class="block mt-1.5 text-xs text-emerald-300 bg-slate-950 px-2 py-1 rounded select-all break-all">{{.OAuthCallbackURL}}</code>
</div>
</div>

<div class="pt-2">
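Review bot: The new help text tells operators to register this URL with Slack and "any other OAuth provider", but the only equivalence this change states is with googleOAuthConfig.RedirectURL (the comment added in server.go). If the Slack install flow or another provider uses a different callback path, this wording leads operators to register the wrong URI. Either limit the text to the providers that actually use /oauth/callback, or render each provider's callback URL separately.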