Skip to content

Fix: RAR not showing project selector#3102

Open
Meldiron wants to merge 1 commit into
mainfrom
fix-rar
Open

Fix: RAR not showing project selector#3102
Meldiron wants to merge 1 commit into
mainfrom
fix-rar

Conversation

@Meldiron

@Meldiron Meldiron commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

What does this PR do?

(Provide a description of what this PR does.)

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work.)

Related PRs and Issues

(If this PR is related to any other PR or resolves any issue or related to any issue link all related PR and issues here.)

Have you read the Contributing Guidelines on issues?

(Write your answer here.)

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

When an OAuth2 client requests project or organization scopes but omits authorization_details entirely, the consent screen previously computed an empty identifiers list and hid the resource picker. This PR fixes that by falling back to ['*'] (the wildcard identifier) whenever scopes are requested but no identifiers are bound, ensuring the picker is always shown.

  • projectIdentifiers and organizationIdentifiers are now computed with $derived.by(), injecting WILDCARD_IDENTIFIER when scopes are requested but no RAR entries are present, so projectRequested/organizationRequested evaluate to true and the ResourceSelector is rendered.
  • The authorizationDetails condition in approve() is updated from details.length > 0 to projectRequested || organizationRequested, so the serialized binding is always sent to the server when a tier is active.

Confidence Score: 5/5

Safe to merge — the change is narrowly scoped to the consent screen's identifier derivation and has no side effects on auth logic or data persistence.

The fix is small and well-contained: two $derived.by() blocks replace two simple $derived expressions, the ResourceSelector already has first-class wildcard support, name resolution correctly skips '', and serializeGrantedDetails already handles [''] as a valid identifier array. The updated approve() condition correctly mirrors the new projectRequested semantics.

No files require special attention.

Important Files Changed

Filename Overview
src/routes/(public)/oauth2/consent-card.svelte Fixes missing project/organization resource picker when scopes are requested without accompanying authorization_details; falls back to wildcard identifier so the selector always renders

Reviews (1): Last reviewed commit: "Fix RAR not showing project selector" | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant