IS-9960 HAAPI React App/SDK: add support for form_post response mode#252
Merged
luisgoncalves merged 2 commits intoJul 2, 2026
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds support in the HAAPI React stepper for OAuth/OIDC form_post response mode by allowing completed (terminal) steps to auto-return to the client application either via redirect/GET link or by auto-submitting a form POST action.
Changes:
- Extend completed-step handling to support
authorization-responseas a form action (form POST) in addition to the existing redirect link flow. - Add a new
HAAPI_FORM_ACTION_KINDS.AUTHORIZATION_RESPONSEkind and extend completed step types to optionally include form actions. - Update test fixtures and stepper tests to cover redirect/GET, form_post, and error scenarios (missing link/action).
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/haapi-react-sdk/haapi-stepper/util/tests/api-responses.ts | Adds completed-step fixtures for form_post response mode and renames “without links” fixtures to reflect missing links/actions. |
| src/haapi-react-sdk/haapi-stepper/feature/stepper/step-handlers/completed-step.ts | Implements form_post auto-redirect by building and submitting an HTML form when an authorization-response form action exists. |
| src/haapi-react-sdk/haapi-stepper/feature/stepper/HaapiStepper.spec.tsx | Adds/updates unit tests for completed step redirect vs form_post behavior, plus new error cases. |
| src/haapi-react-sdk/haapi-stepper/data-access/types/haapi-step.types.ts | Extends completed step types to optionally include form actions for form_post response mode. |
| src/haapi-react-sdk/haapi-stepper/data-access/types/haapi-action.types.ts | Adds AUTHORIZATION_RESPONSE to form action kinds. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
aleixsuau
approved these changes
Jul 2, 2026
markoweb
approved these changes
Jul 2, 2026
…ons for each response mode
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds support in the HAAPI React stepper for OAuth/OIDC
form_postresponse mode by allowing completed (terminal) steps to auto-return to the client application either via redirect/GET link or by auto-submitting a form POST action.The auto-submitting form is manually added to the DOM as a side-effect, because the application is going to be unloaded, anyway. This is similar to how the redirect is immediately done by changing
window.location.I reorganized the tests for "Completed Step" a bit, to test common cases and then the specifics of redirect and form POST. The diff may be a bit confusing; here's how that section of the tests is organized now:
success - redirect,error - redirect,success - Form POST,error - Form POST)success,error)success,error)There's a companion idsvr PR which adds
form_postresponse mode to existing e2e smoke tests.