IS-11327 Apply Result-pattern error handling to EBF and BankID runners #195
Draft
aleixsuau wants to merge 1 commit into
Bring runExternalBrowserFlow onto the same ClientOperationResult contract that
WebAuthn established: always resolves, with { clientOperationData } on success
or { clientOperationError } on a catalogued failure. Three failure paths
(window.open returns null, unexpected origin/non-string data in the resume
message, abort signal) synthesise a HaapiStepperError via getHaapiStepperError
so the stepper surfaces them inline via useHaapiStepper().error.app, with copy
resolved from step.metadata.viewData.error.clientOperation.externalBrowserFlow.
{ launch | resume } — two keys mirroring Velocity's launch-error and
external-flow-end templates.
The EBF runner also fixes a latent listener+popup leak in the previous code:
the unexpected-origin/data branch now goes through cleanup instead of leaving
the message listener registered and the popup open.
runBankIdAuthentication adopts the contract too, but narrowed to the
success-only branch (Promise<{ clientOperationData }>) — the LWA's BankID
launcher has no client-side catchable failures today (anchor.click is fire-
and-forget; the real BankID failures land on the next polling step). When a
client-side failure mode eventually lands, widen to the full union and
introduce currentStep then.
File-layout follow-up: external-browser-flow.ts moves into its own
subdirectory with sibling typings.ts and index.ts barrel, matching the
webauthn/ and bankid/ conventions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Jira: https://curity.atlassian.net/browse/IS-11327
Follow-up to the WebAuthn portion of IS-11327 (PR #194). Brings
`runExternalBrowserFlow` and `runBankIdAuthentication` onto the same `ClientOperationResult` discriminated-union contract so client-operation failures flow through `useHaapiStepper().error.app` like WebAuthn's.

Test plan

Apply `ebf-verification.patch`

There is a harness inside `runExternalBrowserFlow` that short-circuits each failure branch + supplies mock copy (BE hasn't shipped `step.metadata.viewData.error.clientOperation.externalBrowserFlow.{launch,resume}` yet). Change it to emulate each error.

Start a fresh OAuth flow:

Pick `openid-wallet1`

Click the button **"The authentication process needs to use an external browser"**.

Toggle each branch

Edit `EBF_HARNESS_FAILURE_MODE` at the top of `src/haapi-stepper/feature/actions/client-operation/operations/external-browser-flow/external-browser-flow.ts`:

- `'LAUNCH'`: `window.open` returns `null` → launch-error branch → "External browser flow could not start…"
- `'RESUME_BAD_ORIGIN'`: `about:blank`, dispatches a `message` with attacker origin → resume-error branch (origin guard)
- `'RESUME_BAD_DATA'`: `about:blank`, dispatches a `message` with non-string data → resume-error branch (type guard)
- `'ABORT'`: `about:blank`, fires `onAbort()` → resume-error branch (abort handler)
- `null`

What to confirm

`ClientOperationResult`, never escape to the `ErrorBoundary`.

`LAUNCH` mode (runner short-circuits before `window.open`).
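
The three failure paths and the shared cleanup path described in this PR, as an added example that is not the project's code. All names (`startExternalFlow`, `PopupHost`, `AbortLike`) are hypothetical, the error is a plain `'launch' | 'resume'` key rather than a `HaapiStepperError`, and the core is callback-based so it runs without a browser; wrapping `done` in a Promise gives the always-resolves contract.

```typescript
// Added example; all names are hypothetical, not the project's code.
type FlowResult =
  | { clientOperationData: string }
  | { clientOperationError: 'launch' | 'resume' };
interface ResumeMessage { origin: string; data: unknown }
interface PopupHandle { close(): void }
interface PopupHost { // the subset of `window` the runner needs
  open(url: string): PopupHandle | null;
  addEventListener(type: 'message', cb: (e: ResumeMessage) => void): void;
  removeEventListener(type: 'message', cb: (e: ResumeMessage) => void): void;
}
interface AbortLike { // the subset of AbortSignal the runner needs
  aborted: boolean;
  addEventListener(type: 'abort', cb: () => void): void;
  removeEventListener(type: 'abort', cb: () => void): void;
}

// Calls `done` exactly once with either data or a catalogued error.
function startExternalFlow(
  host: PopupHost, url: string, expectedOrigin: string,
  signal: AbortLike, done: (r: FlowResult) => void,
): void {
  const popup = host.open(url);
  if (popup === null) { // popup blocked: nothing to clean up yet
    done({ clientOperationError: 'launch' });
    return;
  }
  let settled = false;
  const finish = (r: FlowResult): void => {
    if (settled) return;
    settled = true;
    // Single exit path: every outcome removes both listeners and closes the popup.
    host.removeEventListener('message', onMessage);
    signal.removeEventListener('abort', onAbort);
    popup.close();
    done(r);
  };
  const onMessage = (e: ResumeMessage): void => {
    // Origin guard and type guard: exact origin match, string payload only.
    if (e.origin !== expectedOrigin || typeof e.data !== 'string') {
      finish({ clientOperationError: 'resume' });
      return;
    }
    finish({ clientOperationData: e.data });
  };
  const onAbort = (): void => finish({ clientOperationError: 'resume' });
  host.addEventListener('message', onMessage);
  signal.addEventListener('abort', onAbort);
  if (signal.aborted) onAbort(); // already aborted before we started
}
```

Because the bad-origin and bad-data branches go through `finish`, a rejected message cannot leave the `message` listener registered or the popup open.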