Conversation

zesu22 (Contributor) commented Dec 22, 2025

Summary by CodeRabbit

  • Bug Fixes
    • Enhanced OAuth authentication flow to correctly manage state parameters during login, improving authentication reliability and security in the user authentication process.

coderabbitai bot commented Dec 22, 2025

Walkthrough

OAuth state parameter handling is introduced in the UserProfile component. The state value is read from the URL query string and threaded through the login flow, passing from getUserDetails to post_fetchUserInfo as an additional parameter.

Changes

Cohort / File(s): OAuth state parameter threading
  mock-relying-party-ui-esim/src/pages/UserProfile.js
Summary: Updated getUserDetails to accept and forward the state parameter from the URL query string through the authentication flow to post_fetchUserInfo

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Verify state parameter is correctly extracted from the URL query string
  • Confirm state is properly passed through the function call chain without mutation
  • Check that existing authentication logic remains unaffected by the additional parameter

Poem

🐰 A state of mind, now in the flow,
Through OAuth's gate we leap and go,
The parameter hops from URL to view,
Authentication fresh and new! 🔐✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
  • Docstring Coverage (⚠️ Warning): Docstring coverage is 0.00%, which is insufficient. The required threshold is 80.00%. Resolution: you can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
  • Description Check (✅ Passed): Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check (✅ Passed): The title directly describes the main change: adding state parameter handling to the fetch user info flow, which is clearly reflected in the code modifications.

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3b2ba4d and cb6acf8.

📒 Files selected for processing (1)
  • mock-relying-party-ui-esim/src/pages/UserProfile.js
🧰 Additional context used
🧬 Code graph analysis (1)
mock-relying-party-ui-esim/src/pages/UserProfile.js (3)
mock-relying-party-ui-esim/src/constants/clientDetails.js (1)
  • state (17-17)
mock-relying-party-ui-esim/src/hooks/useExternalScript.js (1)
  • state (4-4)
mock-relying-party-ui-esim/src/pages/Home.js (1)
  • state (11-11)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: mock-identity-system / build-dockers
  • GitHub Check: mock-relying-party-ui-esim / build-dockers
  • GitHub Check: mock-relying-party-ui / build-dockers
  • GitHub Check: Analyze (java-kotlin)
🔇 Additional comments (2)
mock-relying-party-ui-esim/src/pages/UserProfile.js (2)

50-51: Ensure state is validated before fetching user details.

The state parameter is passed to getUserDetails without validation. State validation should occur immediately after reading from the URL (before line 50) to fail fast and prevent unnecessary API calls with potentially tampered parameters.

As noted in the previous comment, please verify that state validation is implemented.

60-74: Confirm state parameter inclusion in userinfo request.

The post_fetchUserInfo function sends the state parameter in the request body to the userinfo endpoint (line 77), which deviates from standard OAuth 2.0 and OpenID Connect specifications. The Access Token from OpenID Connect should be sent as a Bearer Token in the request, typically via the Authorization header, with no state parameter included.

Verify with your authorization server implementation whether the state parameter is actually required. If not, remove state from the request and validate it client-side before calling post_fetchUserInfo.

ase-101 merged commit f98e087 into mosip:develop Dec 22, 2025
20 checks passed