revert(oauth): drop cross-field customCallbackUrl enforcement at override endpoint

Reverts the explicit getCrossFieldConfigOverrideError check in the config override write path and removes the e2e test that exercised it.
2026-06-04 21:04:37 +08:00 · 2026-05-28 11:55:10 -07:00 · 2026-05-28 11:55:10 -07:00 · 0a28be96ec
commit 0a28be96ec
parent 72ef96db74
2 changed files with 1 additions and 32 deletions
--- a/apps/backend/src/app/api/latest/internal/config/override/[level]/route.tsx
+++ b/apps/backend/src/app/api/latest/internal/config/override/[level]/route.tsx
@ -16,7 +16,7 @@ import { assertConfigOverrideWriteAllowed } from "@/lib/development-environment"
 import { enqueueExternalDbSync } from "@/lib/external-db-sync-queue";
 import { globalPrismaClient, rawQuery } from "@/prisma-client";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
-import { branchConfigSchema, environmentConfigSchema, getConfigOverrideErrors, getCrossFieldConfigOverrideError, migrateConfigOverride, projectConfigSchema } from "@stackframe/stack-shared/dist/config/schema";
+import { branchConfigSchema, environmentConfigSchema, getConfigOverrideErrors, migrateConfigOverride, projectConfigSchema } from "@stackframe/stack-shared/dist/config/schema";
 import { adaptSchema, branchConfigSourceSchema, serverOrHigherAuthTypeSchema, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { HexclaveAssertionError, StatusError, captureError } from "@stackframe/stack-shared/dist/utils/errors";
 import * as yup from "yup";
@ -227,13 +227,6 @@ async function parseAndValidateConfig(
    throw new StatusError(StatusError.BadRequest, overrideError.error);
  }

-  // Cross-field constraints can't be expressed in the per-field override schema
-  // (see getCrossFieldConfigOverrideError), so enforce them explicitly here.
-  const crossFieldError = getCrossFieldConfigOverrideError(migratedConfig);
-  if (crossFieldError !== null) {
-    throw new StatusError(StatusError.BadRequest, crossFieldError);
-  }
-
  return migratedConfig;
 }

--- a/apps/e2e/tests/backend/endpoints/api/v1/internal/config.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/internal/config.test.ts
@ -427,30 +427,6 @@ describe("oauth config", () => {
    `);
  });

-  it("rejects customCallbackUrl on a shared oauth provider", async ({ expect }) => {
-    const { adminAccessToken } = await Project.createAndSwitch();
-
-    const response = await niceBackendFetch("/api/v1/internal/config/override/environment", {
-      method: "PATCH",
-      accessType: "admin",
-      headers: adminHeaders(adminAccessToken),
-      body: {
-        config_override_string: JSON.stringify({
-          'auth.oauth.providers.google': {
-            type: 'google',
-            isShared: true,
-            customCallbackUrl: 'https://api.hexclave.com/api/v1/auth/oauth/callback/google',
-            allowSignIn: true,
-            allowConnectedAccounts: true,
-          },
-        }),
-      },
-    });
-
-    expect(response.status).toBe(400);
-    expect(response.body).toContain("customCallbackUrl");
-  });
-
  it("accepts customCallbackUrl on a standard oauth provider", async ({ expect }) => {
    const { adminAccessToken } = await Project.createAndSwitch();