feat(pipeline): Detect API-driven pipelines in existing callback URL#111455
Merged
evanpurkhiser merged 1 commit intoMar 31, 2026
Conversation
github-actions
Bot
added
the
Scope: Backend
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-pipeline-detect-api-driven-pipelines-in-existing-callback-url
branch
from
0079648 to
080ca64
Compare
Contributor
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-pipeline-detect-api-driven-pipelines-in-existing-callback-url
branch
from
080ca64 to
68cfd5f
Compare
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-pipeline-detect-api-driven-pipelines-in-existing-callback-url
branch
from
68cfd5f to
0b90acb
Compare
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-pipeline-detect-api-driven-pipelines-in-existing-callback-url
branch
from
0b90acb to
2f4d73f
Compare
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-pipeline-detect-api-driven-pipelines-in-existing-callback-url
branch
from
2f4d73f to
893d9dd
Compare
evanpurkhiser
commented
Mar 30, 2026
Comment on lines
+23
to
+44
| TRAMPOLINE_HTML = """\ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head><meta charset="utf-8"></head> | ||
| <body | ||
| style="margin:0;display:flex;align-items:center;justify-content:center;min-height:100vh; | ||
| font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif; | ||
| flex-direction:column;padding:2rem"> | ||
| <script type="module"> | ||
| const data = {data_json}; | ||
| if (window.opener) {{ | ||
| window.opener.postMessage(data, {origin}); | ||
| window.close(); | ||
| }} else {{ | ||
| document.getElementById("fallback").style.display = "flex"; | ||
| }} | ||
| </script> | ||
| <div id="fallback" style="display:none;flex-direction:column;align-items:center;gap:1.5rem;max-width:600px"> | ||
| <p style="font-size:1.1rem;margin:0">Unable to continue. Please restart the flow.</p> | ||
| </div> | ||
| </body> | ||
| </html>""" |
Member
Author
There was a problem hiding this comment.
Could probably move this to a template if we really want. but the idea here is it should be extremely minimal since it's just piping the query parameters through to the frontend popup opener.
scttcper
approved these changes
Mar 30, 2026
wedamija
approved these changes
Mar 30, 2026
wedamija
left a comment
wedamija
left a comment
Member
There was a problem hiding this comment.
Why do we have to render a page here rather than returnings a json response and having the FE know how to deal with it?
Member
Author
Because this is happening in a popup window. This flow is from when the user is redirected to GitHub to authorize (or any other OAuth-ish identity provider). Once they authorize they are redirected back to a configured redirect URL (configured on githubs side). When redirected back if it was just a JSON response there's no way to get those details back to the frontend in the main window that's actually driving the pipeline APIs. |
Integration providers register callback URLs with external services (e.g. GitHub OAuth redirect). These URLs point to PipelineAdvancerView, which traditionally drives the pipeline server-side by calling pipeline.current_step() on each callback. For the new API-driven pipeline mode, we cannot change the callback URLs already registered with production integrations. Instead, this view now detects when a pipeline was initiated in API mode (api_mode flag in session state) and renders a lightweight trampoline page. The trampoline relays the callback URL query parameters (code, state, installation_id, etc.) back to the opener window via postMessage and closes itself. The frontend pipeline system then continues driving the pipeline via API endpoints. Refs VDY-36
evanpurkhiser
force-pushed
the
evanpurkhiser/feat-pipeline-detect-api-driven-pipelines-in-existing-callback-url
branch
from
893d9dd to
9a1871b
Compare
evanpurkhiser
deleted the
evanpurkhiser/feat-pipeline-detect-api-driven-pipelines-in-existing-callback-url
branch
dashed
pushed a commit
that referenced
this pull request
Apr 1, 2026
…111455) Integration providers register callback URLs with external services (e.g. GitHub OAuth redirect). These URLs point to PipelineAdvancerView, which traditionally drives the pipeline server-side by calling pipeline.current_step() on each callback. For the new API-driven pipeline mode, we cannot change the callback URLs already registered with production integrations. Instead, this view now detects when a pipeline was initiated in API mode (api_mode flag in session state) and renders a lightweight trampoline page. The trampoline relays the callback URL query parameters (code, state, installation_id, etc.) back to the opener window via postMessage and closes itself. The frontend pipeline system then continues driving the pipeline via API endpoints. Fixes [VDY-36](https://linear.app/getsentry/issue/VDY-36)
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Integration providers register callback URLs with external services
(e.g. GitHub OAuth redirect). These URLs point to PipelineAdvancerView,
which traditionally drives the pipeline server-side by calling
pipeline.current_step() on each callback.
For the new API-driven pipeline mode, we cannot change the callback URLs
already registered with production integrations. Instead, this view now
detects when a pipeline was initiated in API mode (api_mode flag in
session state) and renders a lightweight trampoline page. The trampoline
relays the callback URL query parameters (code, state, installation_id,
etc.) back to the opener window via postMessage and closes itself. The
frontend pipeline system then continues driving the pipeline via API
endpoints.
Fixes VDY-36