fix(admin-ui): Use typescript generated client for Auth Server Keys pages

[syntrydy]

#2449
Closes #2449

Summary by CodeRabbit

• New Features

  • Adds a dedicated JSON Web Keys (JWK) list page with stable rendering and navigation actions.
  • New read-only key detail UI with consistent date formatting.

• Bug Fixes

  • Better error handling and user-facing messages when JWK retrieval fails.

• Tests

  • Expanded unit tests covering JWK list rendering, edge cases, and formatting.

• Chores

  • Improved type safety, exports, and component memoization for performance.

[coderabbitai]

Warning

Rate limit exceeded

@moabu has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 16 minutes and 34 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 7cce253 and 1babffe.

📒 Files selected for processing (4)

• admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkListPage.tsx (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/KeysPage.tsx (3 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkActions.ts (1 hunks)
• admin-ui/plugins/auth-server/plugin-metadata.js (0 hunks)

📝 Walkthrough

Walkthrough

Refactors Auth Server Keys pages from Redux-based sagas/slices/APIs to TypeScript-generated client usage via new hooks and typed components; removes legacy Redux wiring and tests, adds Jest module aliases, adds JWK types/constants/hooks, and replaces old JwksPage with a JwkListPage/JwkItem implementation and tests.

Changes

Cohort / File(s)	Summary
Jest Configuration admin-ui/jest.config.js	Added moduleNameMapper entries: ^@/(.*)$ → '<rootDir>/app/$1', ^context(.*)$ → '<rootDir>/app/context$1', and ^JansConfigApi$ → '<rootDir>/jans_config_api_orval/src/JansConfigApi.ts'.
Redux Removal admin-ui/plugins/auth-server/redux/features/jwksSlice.js, .../redux/sagas/JwksSaga.js, .../redux/api/JwksApi.js	Removed JWKS Redux slice, saga(s), and JwksApi class (all logic and exports deleted).
Plugin wiring admin-ui/plugins/auth-server/plugin-metadata.js	Removed imports and registrations for jwksReducer and jwksSaga.
UI: removed components & tests admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwksPage.js, .../JwksPage.test.js, admin-ui/plugins/auth-server/__tests__/api/Jwks.test.js	Deleted legacy Redux-connected JwksPage and associated tests.
New typed components admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkItem.tsx, .../Jwks/JwkListPage.tsx, .../KeysPage.tsx	Added memoized typed JwkItem, added JwkListPage (hook-driven), and updated KeysPage to use JwkListPage; added displayName and explicit return types.
Hooks & exports admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkApi.ts, .../useJwkActions.ts, .../hooks/index.ts	Added useJwkApi() (fetch/normalize jwks, refetch), useJwkActions() (navigate to keys list), and consolidated re-exports.
Types, constants & fixtures admin-ui/plugins/auth-server/components/Configuration/Keys/types/jwkTypes.ts, .../types/index.ts, .../constants.ts, .../__fixtures__/jwkTestData.ts	Added JWK types and interfaces, DATE_FORMAT and ROUTES constants, and exported mock JWKS fixtures (including zero-exp and empty variants).
Tests added/updated admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkListPage.test.tsx, .../KeysPage.test.tsx	Added unit tests for new components using mocked hooks and fixtures to verify rendering, fields, and error/edge cases.
Audit metadata admin-ui/plugins/auth-server/redux/audit/Resources.js	Added export JWK = 'jwk'.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant UI as KeysPage / JwkListPage
  participant Hook as useJwkApi
  participant Client as JansConfigApi (generated)
  participant OldRedux as (was) jwksSaga/store

  rect rgb(220,240,255)
  UI->>Hook: call useJwkApi()
  Hook->>Client: useGetConfigJwks / generated client call
  Client-->>Hook: jwks data / error
  Hook-->>UI: { jwks, isLoading, error, refetch }
  end

  rect rgb(255,230,220)
  note right of OldRedux: Previously\nUI -> dispatch getJwks()\nSaga -> call JwksApi -> dispatch response
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Pay extra attention to:
  • useJwkApi.ts — error normalization and effect logging
  • Type alignment between jwkTypes.ts and generated JansConfigApi typings
  • JwkItem.tsx memoization and typed Accordion usage
  • Removal points in plugin-metadata.js to ensure no remaining consumers expect the removed reducer/saga

Possibly related PRs

• fix(admin-ui): Use typescript generated client for SCHEMA plugin  #2396 — Similar migration pattern removing legacy Redux APIs/sagas and adopting generated TypeScript clients for plugin UIs.
• fix(admin-ui): Use typescript generated client for Agama pages #2423 #2424 — Related refactor removing Redux-based implementations in favor of generated clients/hooks for plugin pages.

Suggested reviewers

• duttarnab
• moabu

Poem

🐰 I hopped through code to chase old sagas away,

Typed clients now hum where plain JS used to stay.
Hooks gather keys, safe, neat, and bright —
Tests bloom like carrots in morning light. ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly summarizes the main change: migrating Auth Server Keys pages to use the TypeScript-generated client instead of manually created types.
Linked Issues check	✅ Passed	All objectives from issue #2449 are met: replaced manual types with TypeScript client, removed redux artifacts (api/features/saga files), and eliminated manually added types.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the PR objectives; no out-of-scope modifications detected beyond the specified migration scope.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkItem.tsx (1)

114-122: CRITICAL: x5c array is not being rendered correctly.

The x5c field is an array of strings (as defined in the mock data and JSONWebKey type), but line 120 uses defaultValue={item.x5c ?? ''}. When an array is used as a string value, JavaScript will call toString() on it, resulting in a comma-separated string rather than a properly formatted certificate chain.

Additionally, the test at KeysPage.test.tsx line 47 expects only the first element: firstKey?.x5c?.[0], which contradicts this implementation.

Apply this diff to handle the x5c array properly:

                 <Col sm={11}>
                   <Input
                     id="x5c"
                     type="textarea"
                     data-testid="x5c"
                     name="x5c"
                     readOnly
-                    defaultValue={item.x5c ?? ''}
+                    defaultValue={Array.isArray(item.x5c) ? item.x5c[0] ?? '' : ''}
                   />
                 </Col>

Or, if you want to display all certificates in the chain:

-                    defaultValue={item.x5c ?? ''}
+                    defaultValue={Array.isArray(item.x5c) ? item.x5c.join('\n\n') : ''}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2fc7c93 and c1cf9bf.

📒 Files selected for processing (21)

• admin-ui/jest.config.js (1 hunks)
• admin-ui/plugins/auth-server/__tests__/api/Jwks.test.js (0 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkItem.tsx (12 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkListPage.test.tsx (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkListPage.tsx (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwksPage.js (0 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwksPage.test.js (0 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/KeysPage.test.tsx (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/KeysPage.tsx (3 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/__fixtures__/jwkTestData.ts (2 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/constants.ts (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/index.ts (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkActions.ts (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkApi.ts (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/types/index.ts (1 hunks)
• admin-ui/plugins/auth-server/components/Configuration/Keys/types/jwkTypes.ts (1 hunks)
• admin-ui/plugins/auth-server/plugin-metadata.js (0 hunks)
• admin-ui/plugins/auth-server/redux/api/JwksApi.js (0 hunks)
• admin-ui/plugins/auth-server/redux/audit/Resources.js (1 hunks)
• admin-ui/plugins/auth-server/redux/features/jwksSlice.js (0 hunks)
• admin-ui/plugins/auth-server/redux/sagas/JwksSaga.js (0 hunks)

💤 Files with no reviewable changes (7)

• admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwksPage.test.js
• admin-ui/plugins/auth-server/redux/api/JwksApi.js
• admin-ui/plugins/auth-server/plugin-metadata.js
• admin-ui/plugins/auth-server/redux/features/jwksSlice.js
• admin-ui/plugins/auth-server/tests/api/Jwks.test.js
• admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwksPage.js
• admin-ui/plugins/auth-server/redux/sagas/JwksSaga.js

🧰 Additional context used

🧬 Code graph analysis (6)

admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkActions.ts (1)

admin-ui/plugins/auth-server/components/Configuration/Keys/constants.ts (1)

• ROUTES (3-5)

admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkItem.tsx (2)

admin-ui/plugins/auth-server/components/Configuration/Keys/types/jwkTypes.ts (1)

• JwkItemProps (7-10)

admin-ui/plugins/auth-server/components/Configuration/Keys/constants.ts (1)

• DATE_FORMAT (1-1)

admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkApi.ts (1)

admin-ui/plugins/auth-server/components/Configuration/Keys/types/jwkTypes.ts (1)

• UseJwkApiResult (13-18)

admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkListPage.tsx (1)

admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkApi.ts (1)

• useJwkApi (5-22)

admin-ui/plugins/auth-server/components/Configuration/Keys/KeysPage.test.tsx (3)

admin-ui/plugins/auth-server/components/Configuration/Keys/__fixtures__/jwkTestData.ts (3)

• mockJwksConfig (3-20)
• mockJwksConfigWithZeroExp (22-34)
• mockEmptyJwksConfig (36-38)

admin-ui/plugins/auth-server/components/Configuration/Keys/constants.ts (1)

• DATE_FORMAT (1-1)

admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkApi.ts (1)

• useJwkApi (5-22)

admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkListPage.test.tsx (2)

admin-ui/plugins/auth-server/components/Configuration/Keys/__fixtures__/jwkTestData.ts (1)

• mockJwksConfig (3-20)

admin-ui/plugins/auth-server/components/Configuration/Keys/constants.ts (1)

• DATE_FORMAT (1-1)

🔇 Additional comments (19)

admin-ui/plugins/auth-server/redux/audit/Resources.js (1)

8-8: LGTM!

The new JWK constant follows the established pattern for audit resource identifiers and integrates cleanly with the existing constants.

admin-ui/plugins/auth-server/components/Configuration/Keys/types/index.ts (1)

1-1: LGTM!

This barrel file follows TypeScript best practices for organizing and consolidating type exports.

admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/index.ts (1)

1-2: LGTM!

This barrel file follows React and TypeScript best practices for consolidating hook exports.

admin-ui/plugins/auth-server/components/Configuration/Keys/constants.ts (1)

1-5: LGTM!

The constants are properly defined with as const assertions, ensuring type safety and immutability. The date format and route paths are appropriate.

admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkApi.ts (1)

5-22: LGTM!

The hook implementation follows React best practices:

• Properly uses the generated API client
• Includes error logging for debugging
• Normalizes errors to a consistent Error type
• Returns a well-typed interface matching UseJwkApiResult

admin-ui/plugins/auth-server/components/Configuration/Keys/hooks/useJwkActions.ts (1)

5-15: LGTM!

The hook correctly uses useCallback to memoize the navigation function, with the appropriate dependency array. The implementation is clean and focused.

admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkListPage.test.tsx (2)

12-22: LGTM!

The mocking strategy correctly isolates the component under test by providing controlled hook return values. The mock setup is comprehensive and matches the expected hook interfaces.

---

36-51: LGTM!

The test comprehensively validates the component's rendering:

• Verifies title presence
• Checks all key fields are populated from mock data
• Correctly handles conditional exp field rendering with proper date formatting

admin-ui/jest.config.js (3)

16-16: LGTM!

The @/ alias is a common pattern for absolute imports and properly maps to the app/ directory.

---

19-19: LGTM!

The lowercase context alias complements the existing uppercase Context alias (line 18). Since JavaScript module resolution is case-sensitive, these do not conflict.

---

26-26: LGTM!

The JansConfigApi alias correctly maps to the generated TypeScript client file, enabling tests to resolve the new imports.

admin-ui/plugins/auth-server/components/Configuration/Keys/KeysPage.tsx (1)

1-30: LGTM! Clean refactoring to use the new JwkListPage component.

The changes successfully replace the old component with the new typed implementation, add proper TypeScript annotations, and include a displayName for better debugging. The refactoring aligns with the PR objectives of moving away from Redux-based manual types to TypeScript-generated client usage.

admin-ui/plugins/auth-server/components/Configuration/Keys/__fixtures__/jwkTestData.ts (1)

1-38: LGTM! Well-structured test fixtures.

The mock data properly covers multiple test scenarios (normal, zero expiration, and empty states) and correctly types x5c as an array, which aligns with the WebKeysConfiguration type from the generated client. The fixtures provide good coverage for the test cases.

admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkListPage.tsx (2)

27-41: LGTM! Proper error state handling.

The error state rendering correctly displays localized error messages with a fallback, ensuring users receive meaningful feedback when API calls fail.

---

43-57: LGTM! Well-structured loading and empty states.

The component properly handles loading state with GluuLoader and displays an informative alert when no JWKs are found. The memoized jwkItems list ensures efficient rendering.

admin-ui/plugins/auth-server/components/Configuration/Keys/types/jwkTypes.ts (1)

1-18: LGTM! Clean type definitions.

The file properly re-exports generated types from JansConfigApi and defines clear interfaces for component props and hook results. The type-only imports ensure optimal tree-shaking.

admin-ui/plugins/auth-server/components/Configuration/Keys/Jwks/JwkItem.tsx (3)

36-81: LGTM! Proper use of readOnly and nullish coalescing.

The changes from disabled to readOnly are semantically correct for display-only fields, and the nullish coalescing operator (??) properly handles undefined values with empty string fallbacks. This improves both the user experience and code clarity.

Also applies to: 90-107, 119-120

---

12-12: LGTM! Proper memoization and displayName.

The component is correctly memoized using React.memo with explicit typing, and the displayName is set for better debugging in React DevTools.

Also applies to: 173-173

---

10-10: The double type assertion for Accordion is correct and necessary.

The Accordion component uses a compound component pattern where sub-components (Header, Body, Indicator) are attached as static properties at runtime in index.ts. TypeScript cannot infer these runtime-attached properties, so the double assertion as unknown as AccordionComponent is the appropriate pattern to align the function's type with the interface that includes these static members. This is a standard TypeScript pattern for compound components and does not indicate a type incompatibility, version mismatch, or incorrect type definitions.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

Verify x5c field handling - test expectation may not match implementation.

The test expects x5c to display only the first element of the array (firstKey?.x5c?.[0]), but the implementation in JwkItem.tsx line 120 uses defaultValue={item.x5c ?? ''}. Since x5c is typed as an array in the mock data (lines 13-15 of jwkTestData.ts), this would stringify the entire array rather than showing just the first element.

Run the following script to verify how x5c is handled in the JSONWebKey type and check for other usages:

---

🏁 Script executed:

#!/bin/bash
# Description: Verify x5c type definition and usage patterns

# Check JSONWebKey type definition for x5c field
ast-grep --pattern $'interface JSONWebKey {
  $$$
  x5c$_
  $$$
}'

# Search for x5c usage patterns in the codebase
rg -nP --type=ts --type=tsx -C3 'x5c' -g '!**/node_modules/**' -g '!**/dist/**'

Length of output: 27

---

🏁 Script executed:

#!/bin/bash
# Description: Verify x5c type definition and usage patterns - fixed

# Search for JSONWebKey type definition
rg -nP --type=ts -C5 'interface JSONWebKey|type JSONWebKey' -g '!**/node_modules/**' -g '!**/dist/**'

# Search for x5c usage patterns more broadly
rg -nP -C3 'x5c' -g '!**/node_modules/**' -g '!**/dist/**' | head -100

# Check JwkItem.tsx specifically for x5c handling around line 120
fd -e tsx -e ts 'JwkItem' -x cat {} \; 2>/dev/null | grep -n -A10 -B10 'x5c' || echo "File not found or pattern not matched"

# Check the test file around line 47
fd -e test.tsx 'KeysPage' -x cat {} \; 2>/dev/null | sed -n '40,60p' || echo "Test file not found"

Length of output: 299173

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
echo "=== search: getByTestId('x5c') in admin-ui ==="
rg -n -C3 --hidden --glob '!**/node_modules/**' "getByTestId\\(.{0,20}['\"]x5c['\"]" admin-ui || true

echo
echo "=== search: defaultValue={item.x5c in admin-ui ==="
rg -n -C3 --hidden --glob '!**/node_modules/**' "defaultValue\\s*=\\s*\\{\\s*item\\.x5c" admin-ui || true

echo
echo "=== search: x5c occurrences in admin-ui (context) ==="
rg -n -C3 --hidden --glob '!**/node_modules/**' "\\bx5c\\b" admin-ui || true

echo
echo "=== search: JSONWebKey type definitions in repo ==="
rg -n -C3 --hidden --glob '!**/node_modules/**' "interface\\s+JSONWebKey|type\\s+JSONWebKey|\\bJSONWebKey\\b" || true

Length of output: 26702

---

Align x5c rendering with tests — component renders entire array but tests expect the first element.

JwkItem.tsx uses defaultValue={item.x5c ?? ''} (renders the full array) while KeysPage.test.tsx (line 47) and JwkListPage.test.tsx (line 43) assert screen.getByTestId('x5c') equals firstKey?.x5c?.[0]; either change the component to render item.x5c?.[0] (or explicitly join/format the array) or update the tests to match the intended UI output.

🤖 Prompt for AI Agents

In admin-ui/plugins/auth-server/components/Configuration/Keys/KeysPage.test.tsx
around line 47 the test asserts that the x5c input contains only the first
element of the JWK array, but the component JwkItem.tsx sets
defaultValue={item.x5c ?? ''} which renders the entire array; to fix, make the
rendering and tests consistent: either update JwkItem.tsx to render
item.x5c?.[0] (or join/format the array to a single string) so the input shows
the first element, or change this test (and JwkListPage.test.tsx) to expect the
full array representation produced by the component (e.g., join with commas or
JSON.stringify) — pick one approach and update the component or tests
accordingly so the rendered value matches the asserted value.

[moabu]

@coderabbitai generate docstrings

[coderabbitai]

✅ Actions performed

Initiated docstring generation; will generate only if new commits exist.

[coderabbitai]

Note

Docstrings generation - SUCCESS
Generated docstrings for this pull request at #2466

[sonarqubecloud]

Quality Gate passed for 'flex_linux_setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqubecloud]

Quality Gate passed for 'Gluu Admin UI'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud