ROX-34803: update logic in roxctl SSO callback#21033

Open
stehessel wants to merge 1 commit into master from ROX-34803/open-redirect-jwt-exfiltration
@stehessel stehessel commented Jun 9, 2026

Collaborator

Description

See ROX-34803 and https://docs.google.com/document/d/1UHp8miEJ3Gqyk3XdS5yyaFsREEkOdMjW8RxZcUhfXrs/edit?usp=sharing for more information.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

see https://docs.google.com/document/d/1UHp8miEJ3Gqyk3XdS5yyaFsREEkOdMjW8RxZcUhfXrs/edit?usp=sharing

openshift-ci Bot commented Jun 9, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

coderabbitai Bot commented Jun 9, 2026

Contributor

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: df17a7bc-c04b-460c-b051-ecc39a7a48de

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

github-actions Bot commented Jun 9, 2026

Contributor

🚀 Build Images Ready

Images are ready for commit ac5833c. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.12.x-134-gac5833c998

@stehessel stehessel force-pushed the ROX-34803/open-redirect-jwt-exfiltration branch 3 times, most recently from 5cc3f4d to b558100 Compare June 9, 2026 14:52
@stehessel stehessel changed the title from "ROX-34803: prevent JWT exfiltration in roxctl SSO callback" to "ROX-34803: update logic in roxctl SSO callback" Jun 9, 2026
@stehessel stehessel force-pushed the ROX-34803/open-redirect-jwt-exfiltration branch 3 times, most recently from b5ae5f0 to 97c4acb Compare June 9, 2026 16:42
@stehessel stehessel requested a review from rukletsov June 9, 2026 16:45
@stehessel stehessel marked this pull request as ready for review June 9, 2026 17:44
@stehessel stehessel requested review from a team as code owners June 9, 2026 17:44
@stehessel

Collaborator Author

/retest

@stehessel stehessel force-pushed the ROX-34803/open-redirect-jwt-exfiltration branch from 97c4acb to 440ff6f Compare June 10, 2026 09:51
@stehessel stehessel force-pushed the ROX-34803/open-redirect-jwt-exfiltration branch from 440ff6f to ac5833c Compare June 10, 2026 20:45