From b6be975c92598bebb638bfa1bffd1c9bcc15a4bd Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Mon, 15 Jun 2026 19:38:25 +0545 Subject: [PATCH 1/2] fix(oidc): navigate backend callbacks with full reload When Kratos reports an existing session, the login page used client-side routing for return_to. OIDC callback return paths are served by the backend through Next rewrites, so router.push could leave the browser on the callback URL without completing the flow. Force a document navigation for /oidc/* return paths while keeping client-side navigation for normal app routes. --- .../Authentication/Kratos/ory/errors.tsx | 14 +++++++++++--- src/components/Authentication/Kratos/ory/hooks.ts | 14 +++++++++++--- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/src/components/Authentication/Kratos/ory/errors.tsx b/src/components/Authentication/Kratos/ory/errors.tsx index bb0c7d89d..d07806e08 100644 --- a/src/components/Authentication/Kratos/ory/errors.tsx +++ b/src/components/Authentication/Kratos/ory/errors.tsx @@ -19,10 +19,18 @@ export function handleGetFlowError( return; case "session_already_available": { // User is already signed in; continue the requested flow when return_to is present. - const returnTo = new URLSearchParams(window.location.search).get( - "return_to" + const returnTo = sanitizeReturnTo( + new URLSearchParams(window.location.search).get("return_to") ); - await router.push(sanitizeReturnTo(returnTo)); + + // /oidc/* is served by the backend via Next rewrites, which only fire on + // real navigations, not client-side router.push. + if (returnTo.startsWith("/oidc/")) { + window.location.assign(returnTo); + return; + } + + await router.push(returnTo); return; } case "session_refresh_required": diff --git a/src/components/Authentication/Kratos/ory/hooks.ts b/src/components/Authentication/Kratos/ory/hooks.ts index 695657aa8..d66ef7e39 100644 --- a/src/components/Authentication/Kratos/ory/hooks.ts +++ b/src/components/Authentication/Kratos/ory/hooks.ts @@ -35,10 +35,18 @@ export function handleGetFlowError( return; case "session_already_available": { // User is already signed in; continue the requested flow when return_to is present. - const returnTo = new URLSearchParams(window.location.search).get( - "return_to" + const returnTo = sanitizeReturnTo( + new URLSearchParams(window.location.search).get("return_to") ); - await router.push(sanitizeReturnTo(returnTo)); + + // /oidc/* is served by the backend via Next rewrites, which only fire on + // real navigations, not client-side router.push. + if (returnTo.startsWith("/oidc/")) { + window.location.assign(returnTo); + return; + } + + await router.push(returnTo); return; } case "session_refresh_required": From 18e7d830fc2904b0f0aa5061313d1cd66d2fccf0 Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Mon, 15 Jun 2026 21:12:17 +0545 Subject: [PATCH 2/2] fix: Bump chromaui action MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That action is running an outdated canary CLI: ```txt Chromatic CLI v10.6.0--canary... A new major version is available (v17.4.1) ``` This specific “sentinel file not OK / not present” class of errors has been reported against old Chromatic CLI upload logic. So CI is failing during Chromatic’s asset upload/finalization step, not during your app build. --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 01ba83b5e..2bd183ff7 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -30,7 +30,7 @@ jobs: fetch-depth: 0 - name: Install dependencies run: npm i - - uses: chromaui/action@5f2cdb26c04c0364f5c8ca3fc41627a83d6ffc8a # v1 + - uses: chromaui/action@v17.4.1 with: projectToken: ${{ secrets.CHROMATIC_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}