Skip to content

Strip ephemeral query params from OIDC redirect URI#32875

Merged
t3chguy merged 1 commit intoelement-hq:developfrom
azmeuk:32874-redirect-uri
Mar 23, 2026
Merged

Strip ephemeral query params from OIDC redirect URI#32875
t3chguy merged 1 commit intoelement-hq:developfrom
azmeuk:32874-redirect-uri

Conversation

@azmeuk
Copy link
Copy Markdown
Contributor

@azmeuk azmeuk commented Mar 20, 2026
edited by t3chguy
Loading

getOidcCallbackUrl was building the OIDC redirect_uri from window.location.href, which may contain ephemeral params such as updated (appended on auto-update of element-web). This caused a redirect_uri mismatch on authorization servers.

Fixes #32874

Checklist

@azmeuk
fix: strip ephemeral query params from OIDC redirect URI
e50967a 
getOidcCallbackUrl() was building the redirect_uri from window.location.href,
which may contain ephemeral params such as `updated` (appended on auto-update of element-web).
This caused a redirect_uri mismatch on authorization servers.
@azmeuk azmeuk requested a review from a team as a code owner March 20, 2026 16:33
@azmeuk azmeuk requested review from florianduros and t3chguy March 20, 2026 16:33
@github-actions github-actions bot added the Z-Community-PR Issue is solved by a community member's PR label Mar 20, 2026
t3chguy
t3chguy approved these changes Mar 23, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@t3chguy t3chguy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks sane to me, thanks

@t3chguy t3chguy added this pull request to the merge queue Mar 23, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 23, 2026
@t3chguy t3chguy added this pull request to the merge queue Mar 23, 2026
Merged via the queue into element-hq:develop with commit aecdbc3 Mar 23, 2026
53 of 54 checks passed
@azmeuk azmeuk deleted the 32874-redirect-uri branch March 23, 2026 16:41
@azmeuk
Copy link
Copy Markdown
Contributor Author

azmeuk commented Mar 25, 2026

Hi @t3chguy, thanks for reviewing and merging this. 🙇
I saw v1.12.13 was released without this fix, has it been forgotten, or do you have a process to select what's in and out of releases? (And, will it be shipped for the next one?)
No pressure anyway.

@t3chguy
Copy link
Copy Markdown
Member

t3chguy commented Mar 25, 2026
edited
Loading

The process is anything on develop on the day of the RC is cut into the staging branch, then the release is just the RC plus any hotfixes. The RC is a week before the release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@t3chguy t3chguy t3chguy approved these changes

@florianduros florianduros Awaiting requested review from florianduros florianduros is a code owner automatically assigned from element-hq/element-web-reviewers

Assignees

No one assigned

Labels

T-Defect Z-Community-PR Issue is solved by a community member's PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

getOidcCallbackUrl() includes ephemeral query params in redirect_uri, breaking OIDC login

2 participants

@azmeuk @t3chguy