crashlabs/huskies
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

storkit: done 449_bug_oauth_callback_url_ignores_port_cli_flag

Browse Source
This commit is contained in:
dave
2026-03-31 14:55:49 +00:00
parent 57e0197d75
commit 5f0680c6c1
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.storkit/work/5_done/449_bug_oauth_callback_url_ignores_port_cli_flag.md
+27
View File
@@ -0,0 +1,27 @@
---
name: "OAuth callback URL ignores --port CLI flag"
---
# Bug 449: OAuth callback URL ignores --port CLI flag
## Description
OAuthState is initialized with `resolve_port()` (reads STORKIT_PORT env var, defaults to 3001) instead of the actual port the server is listening on. When the server is started with `--port 4000`, the OAuth callback URL is still generated as `http://localhost:3001/callback`, so the Anthropic redirect lands on the wrong server and the state parameter lookup fails with "Unknown or expired state parameter".
## How to Reproduce
Start storkit with `--port 4000` (without setting STORKIT_PORT env var). Click the OAuth login button in the web UI. Authenticate with Anthropic. The callback redirect goes to localhost:3001 instead of localhost:4000.
## Actual Result
Callback hits port 3001 (or wrong port). If a different storkit is running there, it returns "Invalid State". If nothing is running there, the page fails to load.
## Expected Result
Callback URL should use the actual server port (from --port CLI flag), so the redirect returns to the correct server instance.
## Acceptance Criteria
- [ ] build_routes receives the actual listening port and passes it to OAuthState::new
- [ ] OAuth callback URL matches the port the server is actually listening on
- [ ] Works with --port flag, STORKIT_PORT env var, and default port