Smaller Neon fixes

apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/idp.ts

@@ -168,9 +168,6 @@ function createPrismaAdapter(idpId: string) {
   });
 }
 
-// TODO: add stateful session management
-
-
 export async function createOidcProvider(options: { id: string, baseUrl: string }) {
   const privateJwk = await getPrivateJwk(getPerAudienceSecret({
     audience: `https://idp-jwk-audience.stack-auth.com/${encodeURIComponent(options.id)}`,
@@ -186,9 +183,7 @@ export async function createOidcProvider(options: { id: string, baseUrl: string
   const oidc = new Provider(options.baseUrl, {
     adapter: createPrismaAdapter(options.id),
     clients: JSON.parse(getEnvVariable("STACK_NEON_INTEGRATION_CLIENTS_CONFIG", "[]")),
-    ttl: {
-      Session: 60, // we always want to ask for login again, though the session needs to survive for a bit during the token exchange
-    },
+    ttl: {},
     cookies: {
       keys: [
         await sha512(`oidc-idp-cookie-encryption-key:${getEnvVariable("STACK_SERVER_SECRET")}`),
@@ -272,6 +267,22 @@ export async function createOidcProvider(options: { id: string, baseUrl: string
           ctx.type = 'text/html';
           ctx.body = `
             <html>
+              <head>
+                <title>Redirecting... — Stack Auth</title>
+                <style id="gradient-style">
+                  body {
+                    color: white;
+                    background-image: linear-gradient(45deg, #000, #444, #000, #444, #000, #444, #000);
+                    background-size: 400% 400%;
+                    background-repeat: no-repeat;
+                    animation: celebrate-gradient 60s linear infinite;
+                  }
+                  @keyframes celebrate-gradient {
+                    0% { background-position: 0% 100%; }
+                    100% { background-position: 100% 0%; }
+                  }
+                </style>
+              </head>
               <body>
                 <form id="continue-form" method="POST">
                   If you are not redirected, please press the button below.<br>
@@ -281,6 +292,7 @@ export async function createOidcProvider(options: { id: string, baseUrl: string
                   document.getElementById('continue-form').style.visibility = 'hidden';
                   document.getElementById('continue-form').submit();
                   setTimeout(() => {
+                    document.getElementById('gradient-style').remove();
                     document.getElementById('continue-form').style.visibility = 'visible';
                   }, 3000);
                 </script>

apps/backend/src/app/api/v1/integrations/neon/oauth/idp/[[...route]]/route.tsx

@@ -45,8 +45,22 @@ const handler = handleApiRequest(async (req: NextRequest) => {
 
   const body = new Uint8Array(serverResponse.bodyChunks.flatMap(chunk => [...chunk]));
 
+  let headers: [string, string][] = [];
+  for (const [k, v] of Object.entries(serverResponse.getHeaders())) {
+    if (Array.isArray(v)) {
+      for (const vv of v) {
+        headers.push([k, vv]);
+      }
+    } else {
+      headers.push([k, `${v}`]);
+    }
+  }
+
+  // filter out session cookies; we don't want to keep sessions open, every OAuth flow should start a new session
+  headers = headers.filter(([k, v]) => k !== "set-cookie" || !v.toString().match(/^_session\.?/));
+
   return new NextResponse(body, {
-    headers: Object.entries(serverResponse.getHeaders()).filter(([k, v]) => v) as any,
+    headers: headers,
     status: {
       // our API never returns 301 or 302 by convention, so transform them to 307 or 308
       301: 308,

apps/dashboard/src/app/(main)/integrations/neon/confirm/neon-confirm-card.tsx

@@ -106,7 +106,7 @@ export default function NeonConfirmCard(props: { onContinue: (options: { project
       </CardContent>
       <CardFooter className="flex justify-end mt-4">
         <div className="flex gap-2 justify-center">
-          <Button variant="secondary" onClick={() => { router.back(); }}>
+          <Button variant="secondary" onClick={() => { window.close(); }}>
             Cancel
           </Button>
           <Button disabled={!selectedProject} onClick={async () => {

apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts

@@ -82,7 +82,6 @@ async function authorize(projectId: string) {
         "status": 303,
         "body": "Redirecting to <a href=\\"http://localhost:8102/api/v1/integrations/neon/oauth/idp/interaction/<stripped interaction UID>\\">http://localhost:8102/api/v1/integrations/neon/oauth/idp/interaction/<stripped interaction UID></a>.",
         "headers": Headers {
-          "content-length": "211",
           "location": "http://localhost:8102/api/v1/integrations/neon/oauth/idp/interaction/<stripped interaction UID>",
           "set-cookie": <setting cookie "_interaction" at path "/api/v1/integrations/neon/oauth/idp/interaction/<stripped interaction UID>" to <stripped cookie value>>,
           "set-cookie": <setting cookie "_interaction.sig" at path "/api/v1/integrations/neon/oauth/idp/interaction/<stripped interaction UID>" to <stripped cookie value>>,
@@ -95,7 +94,6 @@ async function authorize(projectId: string) {
         "status": 307,
         "body": "http://localhost:8101/integrations/neon/confirm?interaction_uid=%3Cstripped+query+param%3E&amp=",
         "headers": Headers {
-          "content-length": "287",
           "location": "http://localhost:8101/integrations/neon/confirm?interaction_uid=%3Cstripped+query+param%3E&neon_project_display_name=neon-project",
           <some fields may have been hidden>,
         },
@@ -125,16 +123,12 @@ async function authorize(projectId: string) {
     [
       NiceResponse {
         "status": 200,
-        "body": "\\n            <html>\\n              <body>\\n                <form id=\\"continue-form\\" method=\\"POST\\">\\n                  If you are not redirected, please press the button below.<br>\\n                  <input type=\\"submit\\" value=\\"Continue\\">\\n                </form>\\n                <script>\\n                  document.getElementById('continue-form').style.visibility = 'hidden';\\n                  document.getElementById('continue-form').submit();\\n                  setTimeout(() => {\\n                    document.getElementById('continue-form').style.visibility = 'visible';\\n                  }, 3000);\\n                </script>\\n              </body>\\n            </html>\\n          ",
-        "headers": Headers {
-          "content-length": "674",
-          <some fields may have been hidden>,
-        },
+        "body": "\\n            <html>\\n              <head>\\n                <title>Redirecting... — Stack Auth</title>\\n                <style id=\\"gradient-style\\">\\n                  body {\\n                    color: white;\\n                    background-image: linear-gradient(45deg, #000, #444, #000, #444, #000, #444, #000);\\n                    background-size: 400% 400%;\\n                    background-repeat: no-repeat;\\n                    animation: celebrate-gradient 60s linear infinite;\\n                  }\\n                  @keyframes celebrate-gradient {\\n                    0% { background-position: 0% 100%; }\\n                    100% { background-position: 100% 0%; }\\n                  }\\n                </style>\\n              </head>\\n              <body>\\n                <form id=\\"continue-form\\" method=\\"POST\\">\\n                  If you are not redirected, please press the button below.<br>\\n                  <input type=\\"submit\\" value=\\"Continue\\">\\n                </form>\\n                <script>\\n                  document.getElementById('continue-form').style.visibility = 'hidden';\\n                  document.getElementById('continue-form').submit();\\n                  setTimeout(() => {\\n                    document.getElementById('gradient-style').remove();\\n                    document.getElementById('continue-form').style.visibility = 'visible';\\n                  }, 3000);\\n                </script>\\n              </body>\\n            </html>\\n          ",
+        "headers": Headers { <some fields may have been hidden> },
       },
       NiceResponse {
         "status": 303,
         "headers": Headers {
-          "content-length": "0",
           "location": "http://localhost:8102/api/v1/integrations/neon/oauth/idp/auth/<stripped auth UID>",
           <some fields may have been hidden>,
         },
@@ -143,14 +137,9 @@ async function authorize(projectId: string) {
         "status": 303,
         "body": "http://localhost:30000/api/v2/identity/authorize?code=%3Cstripped+query+param%3E&amp=",
         "headers": Headers {
-          "content-length": "545",
           "location": "http://localhost:30000/api/v2/identity/authorize?code=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&iss=http%3A%2F%2Flocalhost%3A8102%2Fapi%2Fv1%2Fintegrations%2Fneon%2Foauth%2Fidp",
           "set-cookie": <setting cookie "_interaction_resume" at path "/api/v1/integrations/neon/oauth/idp/auth/<stripped auth UID>" to <stripped cookie value>>,
           "set-cookie": <setting cookie "_interaction_resume.sig" at path "/api/v1/integrations/neon/oauth/idp/auth/<stripped auth UID>" to <stripped cookie value>>,
-          "set-cookie": <setting cookie "_session" at path "/" to <stripped cookie value>>,
-          "set-cookie": <setting cookie "_session.sig" at path "/" to <stripped cookie value>>,
-          "set-cookie": <setting cookie "_session.legacy" at path "/" to <stripped cookie value>>,
-          "set-cookie": <setting cookie "_session.legacy.sig" at path "/" to <stripped cookie value>>,
           <some fields may have been hidden>,
         },
       },

apps/e2e/tests/snapshot-serializer.ts

@@ -12,6 +12,7 @@ const hideHeaders = [
   "connection",
   "content-security-policy",
   "content-type",
+  "content-length",
   "cross-origin-opener-policy",
   "date",
   "keep-alive",