Add custom OAuth consent security guide#3413
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6ae5e884d1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
jescalan
force-pushed
the
je/docs-oauth-custom-consent-page-stack
branch
from
6ae5e88 to
7beb713
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7beb713efd
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
wobsoriano
left a comment
wobsoriano
left a comment
There was a problem hiding this comment.
this looks good on my end 👍🏼
jescalan
force-pushed
the
je/docs-oauth-custom-consent-page-stack
branch
from
7beb713 to
0bf3843
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0bf3843f32
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@coderabbitai review |
jescalan
force-pushed
the
je/docs-oauth-custom-consent-page-stack
branch
from
0bf3843 to
e0e89bf
Compare
|
@codex review |
|
Codex Review: Didn't find any major issues. Already looking forward to the next diff. ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
There was a problem hiding this comment.
Love how simple these are. We have a separate issue to investigate alleviating the need for setting the referrer. We will circle back to these docs when we figure that out.
|
|
||
| These examples display the full redirect hostname and an expandable full URL. For a production custom flow, use a public-suffix-aware approach for root-domain summaries, handle IP addresses and localhost explicitly, and test long redirect URIs to make sure the real destination remains visible. | ||
|
|
||
| These examples also do not implement organization selection. If an OAuth application can request `user:org:read`, use `<OAuthConsent />` or add an organization selector that submits the selected `organization_id` with the allow action. |
There was a problem hiding this comment.
How can we remember to update this bit when <OrgSelect /> is made generally available? 🤔
jescalan
force-pushed
the
je/docs-oauth-custom-consent-page-stack
branch
from
e0e89bf to
824e683
Compare
3 participants
Summary
Stacks on #3315. Adds a security-focused guide for configuring a custom OAuth consent page, with a strong recommendation to use the Account Portal or the prebuilt
<OAuthConsent />component instead of a fully custom flow.The guide covers consent phishing risk, required consent-screen content, redirect URI presentation, route configuration, safer appearance-based customization, and low-level custom-flow responsibilities.
Changes in this repo
Customize the OAuth consent pageto the OAuth guide section.<OAuthConsent />examples for Next.js, React, React Router, TanStack React Start, Astro, Vue, and Nuxt.Preview links
New pages:
Changed sections:
<OAuthConsent />component referenceuseOAuthConsent()hook referenceParent PR
Validation
rtk pnpm -C clerk-docs buildrtk pnpm -C clerk-docs lintrtk git -C clerk-docs diff --check