Skip to content

Add loader on OAuth2 consent page submit#1452

Draft
gearnode wants to merge 2 commits into
mainfrom
cursor/oauth2-consent-loader-1921
Draft

Add loader on OAuth2 consent page submit#1452
gearnode wants to merge 2 commits into
mainfrom
cursor/oauth2-consent-loader-1921

Conversation

@gearnode

@gearnode gearnode commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary

On the OAuth2 consent page, clicking Allow or Deny now shows a loading spinner on the clicked button while the mutation runs. After a successful response, the form is replaced with a full-page redirect screen that names the application and shows a spinner while the browser navigates to the OAuth callback URL. This prevents double submits and gives clearer feedback during slow redirects.

Changes

  • Track a pendingAction state while the mutation is in flight; disable both buttons and show a spinner on the active one
  • After success with a redirectURL, show a full-page state:
    • Allow: "Authorization Complete" + "You will be redirected to {app name}…"
    • Deny: "Access Denied" + "You will be redirected to {app name}…"
  • Navigate to the callback URL via useEffect once the redirect screen is shown
  • Reset pending state only on mutation errors

Test plan

  • Open the OAuth2 consent page (/auth/consent?consent_id=…)
  • Click Allow — spinner on Allow during mutation, then redirect screen with app name
  • Confirm redirect completes without duplicate consent submissions
  • Click Deny — spinner on Deny during mutation, then redirect screen with app name
  • Simulate a mutation error — buttons re-enable and toast is shown

Linear Issue: ENG-579

Open in Web Open in Cursor 

Summary by cubic

Adds a loading state and a post-submit redirect screen to the OAuth2 consent page. Meets Linear ENG-579 by preventing double submits and showing clear feedback during the OAuth redirect.

App: console +51 -9

  • Track pendingAction to block repeat clicks and disable both buttons
  • Show per-button loading spinners; keep until redirect
  • After success, replace form with a spinner redirect screen naming the app; navigate via window.location in useEffect
  • Reset pending only on errors; remove isInFlight

Written for commit f9f1ce5. Summary will update on new commits.

Review in cubic

cursoragent and others added 2 commits July 2, 2026 15:03
Track a pending allow/deny action with Button loading spinners so
users cannot double-submit while the approveConsent mutation runs or
while the browser waits on the OAuth callback redirect.

Signed-off-by: Cursor Agent <[email protected]>

Co-authored-by: Bryan FRIMIN <[email protected]>
After allow or deny succeeds, replace the consent form with a full-page
redirect message naming the application and a spinner while the browser
navigates to the OAuth callback URL.

Signed-off-by: Cursor Agent <[email protected]>

Co-authored-by: Bryan FRIMIN <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants