Merge pull request #30 from markrai/bugfix/oidc-ui-debug

fix(web): rebuild dist for OIDC SSO button and auth status flags

Author: markrai

CHANGELOG.md

@@ -3,6 +3,14 @@
 > **Upgrades:** No breaking changes in **3.7.x** / **3.8.x** / **3.9.x** unless noted below.
 
 
+## [3.9.1] - 2026-04-04
+
+### Fixes
+
+- **OIDC auth UI (embedded `dist/`)** — Rebuilt **`internal/httpapi/web/dist/`** so the compiled bundle matches **`modules/`**: router applies **`oidcEnabled`** / **`localAuthEnabled`** from **`GET /api/auth/status`**, and the login screen shows **Continue with SSO** when OIDC is configured (previously only TypeScript sources were updated in **3.9.0**, so production builds loading **`dist/router.js`** did not surface the SSO button).
+
+---
+
 ## [3.9.0] - 2026-04-03
 
 ### Features

README.md

@@ -1,7 +1,7 @@
 <p align="center">
   <img width="372" src="internal/httpapi/web/githublogo.png" alt="scrumboy logo" />
   <br />
-  <img src="https://img.shields.io/badge/version-v3.9.0-blue" alt="version" />
+  <img src="https://img.shields.io/badge/version-v3.9.1-blue" alt="version" />
   <a href="LICENSE">
     <img src="https://img.shields.io/badge/license-AGPL--v3-orange" alt="license" />
   </a>

internal/httpapi/web/dist/router.js

@@ -1,7 +1,7 @@
 import { apiFetch } from './api.js';
 import { renderAuth, renderResetPassword, renderProjects, renderDashboard, renderBoard, renderNotFound, stopBoardEvents } from './views/index.js';
-import { getAuthStatusChecked, getUser, getBootstrapAvailable, getAuthStatusAvailable, getBoard } from './state/selectors.js';
-import { setAuthStatusChecked, setAuthStatusAvailable, setUser, setBootstrapAvailable, setRoute, setTag, setSearch, setSlug, setProjectId, setBoard, resetUserScopedState, setTagColors, setOpenTodoSegment, hydrateDashboardTodoSortFromServer } from './state/mutations.js';
+import { getAuthStatusChecked, getUser, getBootstrapAvailable, getAuthStatusAvailable, getBoard, getOidcEnabled, getLocalAuthEnabled } from './state/selectors.js';
+import { setAuthStatusChecked, setAuthStatusAvailable, setUser, setBootstrapAvailable, setOidcEnabled, setLocalAuthEnabled, setRoute, setTag, setSearch, setSlug, setProjectId, setBoard, resetUserScopedState, setTagColors, setOpenTodoSegment, hydrateDashboardTodoSortFromServer } from './state/mutations.js';
 import { loadUserTheme } from './theme.js';
 let isRouting = false;
 let rerouteRequested = false;
@@ -73,6 +73,8 @@ async function routeOnce() {
         }
         setUser(newUser);
         setBootstrapAvailable(!!(st && st.bootstrapAvailable));
+        setOidcEnabled(!!(st && st.oidcEnabled));
+        setLocalAuthEnabled(st && st.localAuthEnabled !== false);
         // Load full profile (including avatar) when logged in; /api/auth/status omits image to keep it lean
         if (newUser) {
             try {
@@ -152,7 +154,7 @@ async function routeOnce() {
     if (getUser() == null && getAuthStatusChecked() && getAuthStatusAvailable()) {
         if (r.name === "projects" || r.name === "dashboard" || r.name === "boardBySlug") {
             console.log("Router: showing auth UI (not logged in)");
-            renderAuth({ next: window.location.pathname + window.location.search, bootstrap: getBootstrapAvailable() });
+            renderAuth({ next: window.location.pathname + window.location.search, bootstrap: getBootstrapAvailable(), oidcEnabled: getOidcEnabled(), localAuthEnabled: getLocalAuthEnabled() });
             return;
         }
     }
@@ -197,7 +199,7 @@ async function routeOnce() {
             console.error("Router: error rendering board:", err);
             if (err && err.status === 401) {
                 // Only show auth UI for 401s (entry points). Resource endpoints should generally return 404 when unauthenticated.
-                renderAuth({ next: window.location.pathname + window.location.search, bootstrap: false });
+                renderAuth({ next: window.location.pathname + window.location.search, bootstrap: false, oidcEnabled: getOidcEnabled(), localAuthEnabled: getLocalAuthEnabled() });
                 return;
             }
             throw err;

internal/httpapi/web/dist/state/mutations.js

@@ -72,6 +72,12 @@ export function setAuthStatusChecked(checked) {
 export function setBootstrapAvailable(available) {
     current._bootstrapAvailable = available;
 }
+export function setOidcEnabled(enabled) {
+    current._oidcEnabled = enabled;
+}
+export function setLocalAuthEnabled(enabled) {
+    current._localAuthEnabled = enabled;
+}
 export function setProjectsTab(tab) {
     current.projectsTab = tab;
 }

internal/httpapi/web/dist/state/selectors.js

@@ -64,6 +64,12 @@ export function getAuthStatusChecked() {
 export function getBootstrapAvailable() {
     return current._bootstrapAvailable;
 }
+export function getOidcEnabled() {
+    return !!current._oidcEnabled;
+}
+export function getLocalAuthEnabled() {
+    return current._localAuthEnabled !== false;
+}
 export function getProjectsTab() {
     return current.projectsTab;
 }

internal/httpapi/web/dist/views/auth.js

@@ -4,7 +4,16 @@ import { showToast, getAppVersion, escapeHTML, redirectAfterAuth } from '../util
 export function renderAuth(opts = {}) {
     const next = opts.next || (window.location.pathname + window.location.search);
     const bootstrapAvailable = !!opts.bootstrap;
+    const oidcEnabled = !!opts.oidcEnabled;
+    const localAuthEnabled = opts.localAuthEnabled !== false;
     const version = getAppVersion();
+    const ssoButtonHTML = oidcEnabled
+        ? `<a class="btn btn--sso" href="/api/auth/oidc/login?return_to=${encodeURIComponent(next)}">Continue with SSO</a>`
+        : '';
+    const showLocalForm = localAuthEnabled;
+    const dividerHTML = oidcEnabled && showLocalForm
+        ? `<div class="auth-divider"><span>or</span></div>`
+        : '';
     app.innerHTML = `
     <div class="page page--auth">
       <div class="topbar">
@@ -21,6 +30,9 @@ export function renderAuth(opts = {}) {
           <div class="muted" style="margin-bottom: 12px;">
             Authentication is enabled for this instance. Anonymous boards remain shareable by URL; durable projects require sign-in.
           </div>
+          ${ssoButtonHTML}
+          ${dividerHTML}
+          ${showLocalForm ? `
           <form id="authForm" class="stack">
             ${bootstrapAvailable ? `<input class="input" id="authName" placeholder="Name" maxlength="200" autocomplete="name" required />` : ``}
             <input class="input" id="authEmail" placeholder="Email" maxlength="200" autocomplete="email" required />
@@ -37,6 +49,7 @@ export function renderAuth(opts = {}) {
         : `<button class="btn" type="submit" id="loginBtn">Login</button>`}
             </div>
           </form>
+          ` : ''}
         </div>
       </div>
       ${version ? `<div class="app-version">v${escapeHTML(version)}</div>` : ''}
@@ -58,6 +71,18 @@ export function renderAuth(opts = {}) {
             pwToggle.setAttribute("title", isPassword ? "Hide password" : "Show password");
         });
     }
+    const params = new URLSearchParams(window.location.search);
+    const oidcError = params.get('oidc_error');
+    if (oidcError) {
+        const msgs = {
+            state_invalid: 'Login session expired or invalid. Please try again.',
+            provider: 'The identity provider returned an error.',
+            token: 'Authentication failed. Please try again.',
+            email: 'A verified email address is required.',
+        };
+        showToast(msgs[oidcError] || 'Authentication failed.');
+        window.history.replaceState({}, '', window.location.pathname);
+    }
     if (bootstrapAvailable) {
         const bootstrapBtn = document.getElementById("bootstrapBtn");
         if (bootstrapBtn) {

internal/version/version.go

@@ -8,7 +8,7 @@ package version
 //
 // Convention: Update when releasing (e.g., "1.0.0", "1.1.0"); match git tags
 // (e.g., tag "v1.0.0" should have Version = "1.0.0").
-const Version = "3.9.0"
+const Version = "3.9.1"
 
 // ExportFormatVersion is the version of the backup/export data format.
 // Only increment this when the ExportData structure changes in a breaking way.