From 9e7bd338227bbf37c9390e9a850142e5d77bfe40 Mon Sep 17 00:00:00 2001 From: dave Date: Tue, 31 Mar 2026 10:49:23 +0000 Subject: [PATCH] storkit: create 449_bug_oauth_callback_url_ignores_port_cli_flag --- ...auth_callback_url_ignores_port_cli_flag.md | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .storkit/work/1_backlog/449_bug_oauth_callback_url_ignores_port_cli_flag.md diff --git a/.storkit/work/1_backlog/449_bug_oauth_callback_url_ignores_port_cli_flag.md b/.storkit/work/1_backlog/449_bug_oauth_callback_url_ignores_port_cli_flag.md new file mode 100644 index 00000000..63b1a9ba --- /dev/null +++ b/.storkit/work/1_backlog/449_bug_oauth_callback_url_ignores_port_cli_flag.md @@ -0,0 +1,27 @@ +--- +name: "OAuth callback URL ignores --port CLI flag" +--- + +# Bug 449: OAuth callback URL ignores --port CLI flag + +## Description + +OAuthState is initialized with `resolve_port()` (reads STORKIT_PORT env var, defaults to 3001) instead of the actual port the server is listening on. When the server is started with `--port 4000`, the OAuth callback URL is still generated as `http://localhost:3001/callback`, so the Anthropic redirect lands on the wrong server and the state parameter lookup fails with "Unknown or expired state parameter". + +## How to Reproduce + +Start storkit with `--port 4000` (without setting STORKIT_PORT env var). Click the OAuth login button in the web UI. Authenticate with Anthropic. The callback redirect goes to localhost:3001 instead of localhost:4000. + +## Actual Result + +Callback hits port 3001 (or wrong port). If a different storkit is running there, it returns "Invalid State". If nothing is running there, the page fails to load. + +## Expected Result + +Callback URL should use the actual server port (from --port CLI flag), so the redirect returns to the correct server instance. + +## Acceptance Criteria + +- [ ] build_routes receives the actual listening port and passes it to OAuthState::new +- [ ] OAuth callback URL matches the port the server is actually listening on +- [ ] Works with --port flag, STORKIT_PORT env var, and default port