Refactor for federated login to prevent conflicts with internal (#1638)

alexandrudanpop · web-flow · commit 37990265fe9c · 2025-11-19T18:14:13.000+02:00
Fixes OPS-2947
diff --git a/packages/react-ui/src/app/app.tsx b/packages/react-ui/src/app/app.tsx
@@ -3,7 +3,7 @@ import {
   DefaultErrorFunction,
   SetErrorFunction,
 } from '@sinclair/typebox/errors';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { QueryClientProvider } from '@tanstack/react-query';
 
 import { ThemeProvider } from '@/app/common/providers/theme-provider';
 
@@ -13,9 +13,9 @@ import { InitialDataGuard } from './common/guards/intial-data-guard';
 import { Extensions } from './features/extensions';
 import './interceptors';
 import { useLogoutEventListener } from './lib/navigation-events';
+import { queryClient } from './lib/query-client';
 import { ApplicationRouter } from './router';
 
-const queryClient = new QueryClient();
 let typesFormatsAdded = false;
 
 if (!typesFormatsAdded) {
diff --git a/packages/react-ui/src/app/common/guards/allow-logged-in-user-only-guard.tsx b/packages/react-ui/src/app/common/guards/allow-logged-in-user-only-guard.tsx
@@ -49,7 +49,7 @@ export const AllowOnlyLoggedInUserOnlyGuard = ({
   platformHooks.prefetchPlatform();
   platformHooks.prefetchNewerVersionInfo(queryClient);
 
-  flagsHooks.useFlags();
+  const { data: flags } = flagsHooks.useFlags();
   userSettingsHooks.useUserSettings();
   userHooks.useUserMeta();
   appConnectionsHooks.useConnectionsMetadata();
@@ -61,6 +61,7 @@ export const AllowOnlyLoggedInUserOnlyGuard = ({
         await authenticationSession.logOut({
           userInitiated: false,
           navigate,
+          federatedLoginUrl: flags?.FRONTEGG_URL as string | undefined,
         });
       } catch (e) {
         if (isMounted) {
@@ -75,7 +76,14 @@ export const AllowOnlyLoggedInUserOnlyGuard = ({
     return () => {
       isMounted = false;
     };
-  }, [isLoggedIn, expired, location.pathname, location.search, navigate]);
+  }, [
+    isLoggedIn,
+    expired,
+    location.pathname,
+    location.search,
+    navigate,
+    flags,
+  ]);
 
   if (!isLoggedIn || expired) {
     return <Navigate to="/sign-in" replace />;
diff --git a/packages/react-ui/src/app/common/guards/frontegg-auth-guard.tsx b/packages/react-ui/src/app/common/guards/frontegg-auth-guard.tsx
@@ -0,0 +1,7 @@
+type FronteggAuthGuardProps = {
+  children: React.ReactNode;
+};
+
+export const FronteggAuthGuard = ({ children }: FronteggAuthGuardProps) => {
+  return children;
+};
diff --git a/packages/react-ui/src/app/features/navigation/layout/global-layout.tsx b/packages/react-ui/src/app/features/navigation/layout/global-layout.tsx
@@ -8,6 +8,7 @@ import { useCallback, useEffect, useState } from 'react';
 import { Outlet, useLocation } from 'react-router-dom';
 
 import { AllowOnlyLoggedInUserOnlyGuard } from '@/app/common/guards/allow-logged-in-user-only-guard';
+import { FronteggAuthGuard } from '@/app/common/guards/frontegg-auth-guard';
 import { useResizablePanelGroup } from '@/app/common/hooks/use-resizable-panel-group';
 import { RESIZABLE_PANEL_IDS } from '@/app/constants/layout';
 import {
@@ -102,76 +103,78 @@ export function GlobalLayout() {
   }
 
   return (
-    <AllowOnlyLoggedInUserOnlyGuard>
-      <div className="h-screen w-screen overflow-hidden">
-        <ResizablePanelGroup
-          direction="horizontal"
-          id="page-container"
-          onLayout={onResize}
-          className="h-full"
-        >
-          <LeftSidebarResizablePanel
-            minSize={
-              isMinimized
-                ? GLOBAL_SIDEBAR_MINIMIZED_WIDTH
-                : GLOBAL_SIDEBAR_MIN_SIZE
-            }
-            maxSize={
-              isMinimized
-                ? GLOBAL_SIDEBAR_MINIMIZED_WIDTH
-                : LEFT_SIDEBAR_MAX_SIZE
-            }
-            collapsedSize={
-              isMinimized
-                ? GLOBAL_SIDEBAR_MINIMIZED_WIDTH
-                : LEFT_SIDEBAR_MIN_SIZE
-            }
-            isDragging={isDragging}
-            className={cn(
-              LEFT_SIDEBAR_MIN_EFFECTIVE_WIDTH,
-              'shadow-sidebar z-[12]',
-              {
-                'min-w-[70px] max-w-[70px]': isMinimized,
-              },
-              {
-                'max-w-[400px]': !isMinimized,
-              },
-            )}
-          >
-            <DashboardSideMenu />
-          </LeftSidebarResizablePanel>
-
-          <ResizableHandle
-            className="bg-transparent"
-            disabled={isMinimized}
-            onDragging={setIsDragging}
-            style={{
-              width: '0px',
-            }}
-          />
-
-          <AiChatResizablePanel onDragging={setIsDragging} />
-
-          <ResizablePanel
-            id={RESIZABLE_PANEL_IDS.MAIN}
-            order={3}
-            className="flex-1 h-full overflow-hidden min-w-[900px] contain-layout"
-            defaultSize={GLOBAL_MAIN_PANEL_DEFAULT_SIZE}
-            minSize={GLOBAL_MAIN_PANEL_MIN_SIZE}
+    <FronteggAuthGuard>
+      <AllowOnlyLoggedInUserOnlyGuard>
+        <div className="h-screen w-screen overflow-hidden">
+          <ResizablePanelGroup
+            direction="horizontal"
+            id="page-container"
+            onLayout={onResize}
+            className="h-full"
           >
-            <div className="relative h-full w-full">
-              <AiConfigurationPrompt
-                className={cn({
-                  'bottom-[60px]':
-                    location.pathname.startsWith('/flows/') ||
-                    location.pathname.startsWith('/runs/'),
-                })}
-              />
-              <Outlet />
-            </div>
-          </ResizablePanel>
-        </ResizablePanelGroup>
-      </div>
-    </AllowOnlyLoggedInUserOnlyGuard>
+            <LeftSidebarResizablePanel
+              minSize={
+                isMinimized
+                  ? GLOBAL_SIDEBAR_MINIMIZED_WIDTH
+                  : GLOBAL_SIDEBAR_MIN_SIZE
+              }
+              maxSize={
+                isMinimized
+                  ? GLOBAL_SIDEBAR_MINIMIZED_WIDTH
+                  : LEFT_SIDEBAR_MAX_SIZE
+              }
+              collapsedSize={
+                isMinimized
+                  ? GLOBAL_SIDEBAR_MINIMIZED_WIDTH
+                  : LEFT_SIDEBAR_MIN_SIZE
+              }
+              isDragging={isDragging}
+              className={cn(
+                LEFT_SIDEBAR_MIN_EFFECTIVE_WIDTH,
+                'shadow-sidebar z-[12]',
+                {
+                  'min-w-[70px] max-w-[70px]': isMinimized,
+                },
+                {
+                  'max-w-[400px]': !isMinimized,
+                },
+              )}
+            >
+              <DashboardSideMenu />
+            </LeftSidebarResizablePanel>
+
+            <ResizableHandle
+              className="bg-transparent"
+              disabled={isMinimized}
+              onDragging={setIsDragging}
+              style={{
+                width: '0px',
+              }}
+            />
+
+            <AiChatResizablePanel onDragging={setIsDragging} />
+
+            <ResizablePanel
+              id={RESIZABLE_PANEL_IDS.MAIN}
+              order={3}
+              className="flex-1 h-full overflow-hidden min-w-[900px] contain-layout"
+              defaultSize={GLOBAL_MAIN_PANEL_DEFAULT_SIZE}
+              minSize={GLOBAL_MAIN_PANEL_MIN_SIZE}
+            >
+              <div className="relative h-full w-full">
+                <AiConfigurationPrompt
+                  className={cn({
+                    'bottom-[60px]':
+                      location.pathname.startsWith('/flows/') ||
+                      location.pathname.startsWith('/runs/'),
+                  })}
+                />
+                <Outlet />
+              </div>
+            </ResizablePanel>
+          </ResizablePanelGroup>
+        </div>
+      </AllowOnlyLoggedInUserOnlyGuard>
+    </FronteggAuthGuard>
   );
 }
diff --git a/packages/react-ui/src/app/interceptors.ts b/packages/react-ui/src/app/interceptors.ts
@@ -2,6 +2,9 @@ import { API_URL, isUrlRelative } from '@/app/lib/api';
 import { authenticationSession } from '@/app/lib/authentication-session';
 import axios, { AxiosError, HttpStatusCode } from 'axios';
 import { OPENOPS_CLOUD_USER_INFO_API_URL } from './constants/cloud';
+import { QueryKeys } from './constants/query-keys';
+import { FlagsMap } from './lib/flags-api';
+import { queryClient } from './lib/query-client';
 
 const unauthenticatedRoutes = [
   '/v1/authentication/sign-in',
@@ -25,7 +28,7 @@ const needsAuthHeader = (url: string): boolean => {
 // Add request interceptor to append Authorization header
 axios.interceptors.request.use((config) => {
   const token = authenticationSession.getToken();
-  if (token && needsAuthHeader(config.url!)) {
+  if (token && config.url && needsAuthHeader(config.url)) {
     config.headers.Authorization = `Bearer ${token}`;
   }
   return config;
@@ -56,10 +59,15 @@ axios.interceptors.response.use(
 
       if (url !== OPENOPS_CLOUD_USER_INFO_API_URL && !isSignInRoute) {
         console.warn('JWT expired logging out');
+
+        const flags = queryClient.getQueryData<FlagsMap>([QueryKeys.flags]);
         authenticationSession.logOut({
           userInitiated: false,
+          federatedLoginUrl: flags?.FRONTEGG_URL as string | undefined,
         });
-        window.location.reload();
+        if (!flags?.FRONTEGG_URL) {
+          window.location.reload();
+        }
       }
     }
     return Promise.reject(error);
diff --git a/packages/react-ui/src/app/lib/authentication-session.ts b/packages/react-ui/src/app/lib/authentication-session.ts
@@ -79,9 +79,11 @@ export const authenticationSession = {
   async logOut({
     userInitiated = false,
     navigate,
+    federatedLoginUrl,
   }: {
     userInitiated: boolean;
     navigate?: NavigateFunction;
+    federatedLoginUrl?: string;
   }) {
     await authenticationApi.signOut();
     localStorage.removeItem(currentUserKey);
@@ -92,6 +94,12 @@ export const authenticationSession = {
       localStorage.setItem(LOGOUT_EVENT_KEY, Date.now().toString());
     }
 
+    if (federatedLoginUrl) {
+      // do not use saved path from navigationUtil as we will get validation error from Frontegg
+      window.location.href = `${federatedLoginUrl}/oauth/logout?post_logout_redirect_uri=${window.location.origin}`;
+      return;
+    }
+
     if (
       window.location.pathname === '/sign-in' ||
       window.location.pathname === '/sign-up'
diff --git a/packages/react-ui/src/app/lib/frontegg-setup.ts b/packages/react-ui/src/app/lib/frontegg-setup.ts
diff --git a/packages/react-ui/src/app/lib/jwt-utils.ts b/packages/react-ui/src/app/lib/jwt-utils.ts
diff --git a/packages/react-ui/src/app/lib/query-client.ts b/packages/react-ui/src/app/lib/query-client.ts
@@ -0,0 +1,3 @@
+import { QueryClient } from '@tanstack/react-query';
+
+export const queryClient = new QueryClient();
diff --git a/packages/react-ui/src/app/routes/cloud-connection/cloud-connection-page.tsx b/packages/react-ui/src/app/routes/cloud-connection/cloud-connection-page.tsx
@@ -3,13 +3,16 @@ import { flagsHooks } from '@/app/common/hooks/flags-hooks';
 import { ORGIN_PROJECT_ID_KEY, ORGIN_USER_ID_KEY } from '@/app/constants/cloud';
 import { cloudUserApi } from '@/app/features/cloud/lib/cloud-user-api';
 import { getProjectIdSearchParam } from '@/app/features/cloud/lib/utils';
+import {
+  additionalFronteggParams,
+  initializeFrontegg,
+} from '@/app/lib/frontegg-setup';
+import { getExpirationDate } from '@/app/lib/jwt-utils';
 import { CloudLoggedInBrief } from '@openops/components/ui';
 import Cookies from 'js-cookie';
 import { useEffect, useState } from 'react';
 import { useNavigate } from 'react-router-dom';
 import { useEffectOnce } from 'react-use';
-import { additionalFronteggParams, initializeFrontegg } from './frontegg-setup';
-import { getExpirationDate } from './jwt-utils';
 
 const CloudConnectionPage = () => {
   const navigate = useNavigate();
diff --git a/packages/react-ui/src/app/routes/cloud-connection/cloud-logout-page.tsx b/packages/react-ui/src/app/routes/cloud-connection/cloud-logout-page.tsx
@@ -1,9 +1,9 @@
 import { flagsHooks } from '@/app/common/hooks/flags-hooks';
+import { initializeFrontegg } from '@/app/lib/frontegg-setup';
 import { FronteggApp } from '@frontegg/js';
 import Cookies from 'js-cookie';
 import { useEffect } from 'react';
 import { useNavigate } from 'react-router-dom';
-import { initializeFrontegg } from './frontegg-setup';
 
 const handleAppReady = (app: FronteggApp) => {
   app.ready(() => handleLogout(app));
diff --git a/packages/react-ui/src/app/routes/sign-in/index.tsx b/packages/react-ui/src/app/routes/sign-in/index.tsx
@@ -1,7 +1,17 @@
 import { AppLogo } from '@/app/common/components/app-logo';
+import { flagsHooks } from '@/app/common/hooks/flags-hooks';
 import { AuthFormTemplate } from '@/app/features/authentication/components/auth-form-template';
+import { FlagId } from '@openops/shared';
 
 const SignInPage: React.FC = () => {
+  const { data: isFederatedLogin } = flagsHooks.useFlag<boolean | undefined>(
+    FlagId.FEDERATED_LOGIN_ENABLED,
+  );
+
+  if (isFederatedLogin) {
+    return null;
+  }
+
   return (
     <div className="flex h-screen flex-col items-center justify-center gap-2">
       <AppLogo />
diff --git a/packages/shared/src/lib/flag/flag.ts b/packages/shared/src/lib/flag/flag.ts
@@ -63,4 +63,5 @@ export enum FlagId {
   OAUTH_PROXY_URL = 'OAUTH_PROXY_URL',
   CANDU_CLIENT_TOKEN = 'CANDU_CLIENT_TOKEN',
   SAMPLE_DATA_SIZE_LIMIT_KB = 'SAMPLE_DATA_SIZE_LIMIT_KB',
+  FEDERATED_LOGIN_ENABLED = 'FEDERATED_LOGIN_ENABLED',
 }

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+import { QueryClient } from '@tanstack/react-query';`
	`2`	`+`
	`3`	`+export const queryClient = new QueryClient();`