…+ compatibility (#41271)

## Description

**Problem:**
Spring Boot 3.3.13 enforces single-valued OAuth2 parameters, causing failures when multiple hd values are present in authorization requests.

**Solution:**
- Single-valued hd: Always 0 or 1 hd parameter
- Domain selection: Use request context to pick the domain
- Fallback: Use the first allowed domain when no match is found
- Multi-TLD support: Works with .com, .org, .io, etc.
- Proxy support: Handles X-Forwarded-Host headers
- Case-insensitive: Normalizes domain matching

EE Counterpart PR: appsmithorg/appsmith-ee#8211

Fixes #`Issue Number`
_or_
Fixes `Issue URL`

> [!WARNING]
> _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._

## Automation

/ok-to-test tags="@tag.Authentication,@tag.Sanity"

### 🔍 Cypress test results

> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/18095565045>
> Commit: e4e0e93
> [Cypress dashboard](https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18095565045&attempt=2).
> Tags: `@tag.Authentication,@tag.Sanity`
> Spec:
> Mon, 29 Sep 2025 12:34:36 UTC

## Communication

Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No

## Summary by CodeRabbit

- New Features
  - Improved OAuth login for setups with multiple allowed domains. The system now auto-derives the most appropriate domain from incoming requests, supports subdomain and multi-level matches, and gracefully falls back when no match is found. Ensures OAuth parameters remain single-valued for better compatibility and reliability.
- Tests
  - Added comprehensive test coverage for multi-domain handling, subdomain matching, fallback behavior, empty configurations, and parameter single-value validation.
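
The selection rules listed under "Solution" can be illustrated with the following added Java example, which is not the PR's code. The class and method names and the `trustForwarded` flag are hypothetical; matching on a label boundary and preferring the longest matching domain are assumptions about how subdomain and multi-level matches are resolved.

```java
import java.util.List;
import java.util.Locale;

public class HdDomainSelector {

    // Lower-case the host, keep only the first entry of a proxy chain, drop any port.
    // (IPv6 literals are cut at the first ':' and simply never match a domain.)
    static String normalizeHost(String raw) {
        if (raw == null) return "";
        String h = raw.trim().toLowerCase(Locale.ROOT);
        int comma = h.indexOf(',');
        if (comma >= 0) h = h.substring(0, comma).trim();
        int colon = h.indexOf(':');
        return colon >= 0 ? h.substring(0, colon) : h;
    }

    // Returns at most one hd value: null when no domains are configured,
    // otherwise the best match for the request host or the first allowed domain.
    static String selectHd(List<String> allowedDomains, String forwardedHost,
                           String hostHeader, boolean trustForwarded) {
        if (allowedDomains == null || allowedDomains.isEmpty()) return null;
        // X-Forwarded-Host is client-controlled unless a trusted proxy overwrites it,
        // so it is consulted only when the deployment says so (hypothetical flag).
        boolean useForwarded = trustForwarded && forwardedHost != null && !forwardedHost.isBlank();
        String host = normalizeHost(useForwarded ? forwardedHost : hostHeader);
        String best = null;
        for (String d : allowedDomains) {
            String domain = d.trim().toLowerCase(Locale.ROOT);
            // Exact match or match on a label boundary, never a bare suffix.
            boolean matches = host.equals(domain) || host.endsWith("." + domain);
            if (matches && (best == null || domain.length() > best.length())) best = domain;
        }
        return best != null ? best : allowedDomains.get(0).trim().toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        // Constructed sample configuration and request headers.
        List<String> allowed = List.of("Example.com", "corp.example.com", "example.org");
        // Multi-level host: the longest matching allowed domain is chosen.
        System.out.println(selectHd(allowed, null, "app.corp.example.com:443", false));
        // Behind a trusted proxy: forwarded host is used, case-insensitively.
        System.out.println(selectHd(allowed, "APP.Example.ORG", "10.0.0.5:8080", true));
        // Forwarded header present but not trusted: Host is used, then the fallback.
        System.out.println(selectHd(allowed, "app.example.org", "10.0.0.5:8080", false));
        // Look-alike host without a label boundary: falls back to the first domain.
        System.out.println(selectHd(allowed, null, "evilexample.com", false));
        // Empty configuration: no hd parameter is emitted.
        System.out.println(selectHd(List.of(), null, "app.example.com", false));
    }
}
```

The `hd` request parameter is only a hint to Google's account chooser, so whichever value is sent, the `hd` claim in the returned ID token still has to be checked against the full allowed-domain list on the server.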