heph Authentik: register heph-pwa redirect URIs (PKCE login) #370

Merged

eblume merged 1 commit from heph-pwa-redirect-uris into main

2026-06-05 07:30:33 -07:00

eblume commented

2026-06-05 07:27:29 -07:00

Owner

Adds the heph-pwa redirect URIs to the Authentik heph OAuth2 provider so the new browser Login with Authentik flow (Authorization Code + PKCE, hephaestus PR #9) can redirect back and exchange the code:

https://heph.ops.eblu.me/ (the PWA origin)
http://localhost:8787/ (local dev: hephd --web-root)

Authentik also keys token-endpoint CORS off these origins, so they're required for the browser token exchange. Additive (the provider was redirect_uris: []); harmless until the PWA feature deploys.

🤖 Generated with Claude Code

Adds the heph-pwa redirect URIs to the Authentik `heph` OAuth2 provider so the new browser **Login with Authentik** flow (Authorization Code + PKCE, hephaestus PR #9) can redirect back and exchange the code: - `https://heph.ops.eblu.me/` (the PWA origin) - `http://localhost:8787/` (local dev: `hephd --web-root`) Authentik also keys token-endpoint CORS off these origins, so they're required for the browser token exchange. Additive (the provider was `redirect_uris: []`); harmless until the PWA feature deploys. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

eblume added 1 commit

2026-06-05 07:27:29 -07:00

heph Authentik: register heph-pwa redirect URIs for PKCE login 3660b65981

The heph-pwa browser login (hephaestus PR #9) uses Authorization Code + PKCE,
which redirects back to the app origin. Register https://heph.ops.eblu.me/ (and
http://localhost:8787/ for dev) on the heph provider; Authentik also keys
token-endpoint CORS off these origins.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>