You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Both error surfaces shipped/touched in PR #128 and audited in #139 communicate the failure clearly but have no clickable affordance to retry or return. The user's only option is browser back, which itself trips into issue 1.
Affected pages
pds-core/oauth/epds-callback — "Your sign-in took too long to complete and timed out. Please start sign-in again."
Where it isn't, link to the originating client's homepage if recoverable, or at minimum a "Restart sign-in" button that reinitiates the flow on the same auth surface.
Notes
Without a CTA, the copy "Please start sign-in again" gives the user no actual way to do that.
Summary
Both error surfaces shipped/touched in PR #128 and audited in #139 communicate the failure clearly but have no clickable affordance to retry or return. The user's only option is browser back, which itself trips into issue 1.
Affected pages
pds-core/oauth/epds-callback— "Your sign-in took too long to complete and timed out. Please start sign-in again."auth-service/auth/complete— "Authentication session expired. Please try again."(Both render via
packages/shared/src/render-error.tsper #139's audit.)Expected
A primary action on each page that returns the user to a sensible restart point:
clientId/redirect_uriis in scope, link back to the client (mirrors the RFC 6749 §4.1.2.1 redirect path PR fix: graceful OAuth error when PAR has expired (no more raw JSON leak) #128 uses when the PAR row was readable).Notes
renderError's shared API).