Skip to content

IS-9960 HAAPI React App/SDK: add support for form_post response mode#252

Merged
luisgoncalves merged 2 commits into
devfrom
feature/dev/IS-9960-haapi-react-sdk-support-form-post-response-mode
Jul 2, 2026
Merged

IS-9960 HAAPI React App/SDK: add support for form_post response mode#252
luisgoncalves merged 2 commits into
devfrom
feature/dev/IS-9960-haapi-react-sdk-support-form-post-response-mode

Conversation

@luisgoncalves

@luisgoncalves luisgoncalves commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Adds support in the HAAPI React stepper for OAuth/OIDC form_post response mode by allowing completed (terminal) steps to auto-return to the client application either via redirect/GET link or by auto-submitting a form POST action.

The auto-submitting form is manually added to the DOM as a side-effect, because the application is going to be unloaded, anyway. This is similar to how the redirect is immediately done by changing window.location.

I reorganized the tests for "Completed Step" a bit, to test common cases and then the specifics of redirect and form POST. The diff may be a bit confusing; here's how that section of the tests is organized now:

  • Completed Step
    • Common - $label (runs for each: success - redirect, error - redirect, success - Form POST, error - Form POST)
      • autoRedirectOnAuthenticationComplete enabled (default)
        • should throw error to the error boundary when no authorization-response link or action exists
        • should throw error to the error boundary when links or actions exist but none have rel/kind "authorization-response"
      • autoRedirectOnAuthenticationComplete disabled
        • should render the completed step instead of redirecting
        • should add the completed step to history with the full OAuth payload accessible to consumers
    • Redirect/GET - $label (runs for each: success, error)
      • should redirect to the authorization-response URL
    • Form POST - $label (runs for each: success, error)
      • POSTs a form to the authorization-response URL

There's a companion idsvr PR which adds form_post response mode to existing e2e smoke tests.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support in the HAAPI React stepper for OAuth/OIDC form_post response mode by allowing completed (terminal) steps to auto-return to the client application either via redirect/GET link or by auto-submitting a form POST action.

Changes:

  • Extend completed-step handling to support authorization-response as a form action (form POST) in addition to the existing redirect link flow.
  • Add a new HAAPI_FORM_ACTION_KINDS.AUTHORIZATION_RESPONSE kind and extend completed step types to optionally include form actions.
  • Update test fixtures and stepper tests to cover redirect/GET, form_post, and error scenarios (missing link/action).

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/haapi-react-sdk/haapi-stepper/util/tests/api-responses.ts Adds completed-step fixtures for form_post response mode and renames “without links” fixtures to reflect missing links/actions.
src/haapi-react-sdk/haapi-stepper/feature/stepper/step-handlers/completed-step.ts Implements form_post auto-redirect by building and submitting an HTML form when an authorization-response form action exists.
src/haapi-react-sdk/haapi-stepper/feature/stepper/HaapiStepper.spec.tsx Adds/updates unit tests for completed step redirect vs form_post behavior, plus new error cases.
src/haapi-react-sdk/haapi-stepper/data-access/types/haapi-step.types.ts Extends completed step types to optionally include form actions for form_post response mode.
src/haapi-react-sdk/haapi-stepper/data-access/types/haapi-action.types.ts Adds AUTHORIZATION_RESPONSE to form action kinds.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@luisgoncalves luisgoncalves requested a review from aleixsuau July 1, 2026 16:15
@luisgoncalves luisgoncalves marked this pull request as ready for review July 1, 2026 16:15
@luisgoncalves luisgoncalves merged commit 009d348 into dev Jul 2, 2026
4 checks passed
@luisgoncalves luisgoncalves deleted the feature/dev/IS-9960-haapi-react-sdk-support-form-post-response-mode branch July 2, 2026 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants