Skip to content

Redesign connection attribute configuration and add claim-driven user type resolution#3906

Open
sadilchamishka wants to merge 1 commit into
thunder-id:mainfrom
sadilchamishka:feat/attribute-configuration-resolution
Open

Redesign connection attribute configuration and add claim-driven user type resolution#3906
sadilchamishka wants to merge 1 commit into
thunder-id:mainfrom
sadilchamishka:feat/attribute-configuration-resolution

Conversation

@sadilchamishka

@sadilchamishka sadilchamishka commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Purpose

The connection Attributes tab only supported a single default user type and one flat list of attribute mappings, with no way to derive the user type from a claim and no UI for account linking. This redesigns the tab (per the "Attribute Configuration" design) into three sections and extends the backend to support claim-driven resolution.

Approach

Backend

  • UserTypeResolution gains externalAttribute + valueMapping (external value → local user type), alongside the existing default fallback. Non-breaking (omitempty).
  • GetMappedUserType/GetAttributeMappings (internal/idp/utils.go) resolve the user type from the given claims when configured, falling back to default.
  • New validation in idpService.validateAttributeConfiguration: external attribute and value mapping must be set together, entries can't be empty, and every mapped user type must be a valid, existing user type.
  • Scope is deliberately config-only: the resolved user type still only selects which attribute-mapping profile applies (as before) — it is not yet wired into JIT provisioning to assign the federated user's actual type.

Frontend

  • AttributeMappingSection rebuilt into three cards: User type resolution (static default, or a toggle revealing an external attribute + value mapping table), Attribute mappings (repeatable per-user-type mapping groups), Account linking (AND-combined external attributes).
  • UX refinements: the whole resolution section (and the per-group user type dropdown) is hidden when the system has only one user type — nothing to choose. Column headers replace repeated per-row field labels. Value-mapping rows are opt-in (not auto-seeded) since they're only needed when a claim's raw value doesn't already match a user type name.
  • The attribute-mapping step is removed from both create wizards (custom + branded/vendor) — the redesigned section now applies only to editing an existing connection.

Related Issues

  • N/A

Related PRs

  • N/A

Checklist

  • Followed the contribution guidelines.
  • Manual test round performed and verified.
  • Documentation provided.
  • Tests provided.
    • Unit Tests
    • Integration Tests
  • Breaking changes.

Security checks

  • Followed secure coding standards in WSO2 Secure Coding Guidelines
  • Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets.

Summary by CodeRabbit

  • New Features

    • Added claim-driven user-type resolution during federated sign-in, with configurable value mappings and default fallback.
    • Introduced multi-user-type attribute mapping groups and configurable account linking attributes.
    • Updated the connection attribute configuration UI to separate user-type resolution, per-user-type mappings, and account linking.
  • Bug Fixes

    • Improved validation for dynamic resolution completeness, empty mapping values, and invalid resolved user types.
    • Applied claim-driven attribute mappings consistently wherever mappings are derived.
  • Improvements

    • Simplified connection creation flow by removing the separate attribute-mapping wizard step.

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Warning

Review limit reached

@sadilchamishka, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 11 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 9b129433-e9c7-4cda-9fb6-a6791e3f0723

📥 Commits

Reviewing files that changed from the base of the PR and between ae1cd0c and 53c0239.

📒 Files selected for processing (22)
  • backend/internal/authn/oauth/service.go
  • backend/internal/idp/service.go
  • backend/internal/idp/service_test.go
  • backend/internal/idp/utils.go
  • backend/internal/idp/utils_test.go
  • backend/internal/oauth/oauth2/tokenservice/validator.go
  • backend/internal/system/i18n/core/defaults.go
  • backend/pkg/thunderidengine/providers/model.go
  • frontend/packages/configure-connections/src/components/AttributeMappingSection.tsx
  • frontend/packages/configure-connections/src/components/__tests__/AttributeMappingSection.test.tsx
  • frontend/packages/configure-connections/src/components/create-connection/ConnectionAttributeMappingStep.tsx
  • frontend/packages/configure-connections/src/components/create-connection/__tests__/ConnectionAttributeMappingStep.test.tsx
  • frontend/packages/configure-connections/src/index.ts
  • frontend/packages/configure-connections/src/models/connection.ts
  • frontend/packages/configure-connections/src/pages/ConnectionConfigureWizardPage.tsx
  • frontend/packages/configure-connections/src/pages/ConnectionCreateWizardPage.tsx
  • frontend/packages/configure-connections/src/pages/ConnectionDetailPage.tsx
  • frontend/packages/configure-connections/src/pages/__tests__/ConnectionConfigureWizardPage.test.tsx
  • frontend/packages/configure-connections/src/pages/__tests__/ConnectionCreateWizardPage.test.tsx
  • frontend/packages/configure-connections/src/utils/__tests__/attributeConfiguration.test.ts
  • frontend/packages/configure-connections/src/utils/attributeConfiguration.ts
  • frontend/packages/i18n/src/locales/en-US.ts
📝 Walkthrough

Walkthrough

The PR adds claim-driven user-type resolution, grouped attribute mappings, account-linking configuration, validation and runtime support, and a redesigned frontend editor. Connection creation no longer uses a separate attribute-mapping wizard step.

Changes

Attribute configuration and federated resolution

Layer / File(s) Summary
Configuration contracts and serialization
backend/pkg/..., frontend/packages/configure-connections/src/models/..., frontend/packages/configure-connections/src/utils/...
Configuration models and conversion helpers support dynamic resolution, per-user-type mapping groups, and account-linking attributes.
Dynamic resolution validation
backend/internal/idp/..., backend/internal/system/i18n/...
IDP validation checks resolution fields, mapping entries, and referenced user types, with corresponding tests and messages.
Claim-aware mapping resolution
backend/internal/idp/utils.go, backend/internal/authn/oauth/service.go, backend/internal/oauth/oauth2/tokenservice/validator.go, backend/internal/idp/utils_test.go
Attribute mappings resolve user types from incoming claims, including nested claims, with default fallback behavior.
Multi-section mapping editor
frontend/packages/configure-connections/src/components/..., frontend/packages/i18n/src/locales/en-US.ts
The editor manages resolution settings, grouped mappings, dynamic value mappings, and account-linking rows with expanded validation and tests.
Connection creation and detail integration
frontend/packages/configure-connections/src/pages/..., frontend/packages/configure-connections/src/index.ts, frontend/packages/configure-connections/src/pages/__tests__/...
Connection creation removes the separate attribute-mapping step, and detail editing canonicalizes the full attribute configuration for dirty-state detection.

Estimated code review effort: 4 (Complex) | ~60 minutes

Sequence Diagram(s)

sequenceDiagram
  participant FederatedAuth
  participant GetAttributeMappings
  participant GetMappedUserType
  participant Claims
  FederatedAuth->>GetAttributeMappings: pass claims and IDP configuration
  GetAttributeMappings->>GetMappedUserType: resolve mapped user type
  GetMappedUserType->>Claims: read external or nested claim
  Claims-->>GetMappedUserType: claim value
  GetMappedUserType-->>GetAttributeMappings: mapped or default user type
  GetAttributeMappings-->>FederatedAuth: resolved attribute mappings
Loading

Possibly related PRs

  • thunder-id/thunderid#3676: Both changes affect federated-auth mapping inputs used by downstream account-linking resolution.

Suggested reviewers: jeradrutnam, brionmario, DonOmalVindula, thiva-k, rajithacharith

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately captures the main change: redesigning attribute configuration with claim-driven user type resolution.
Description check ✅ Passed The description follows the template and covers Purpose, Approach, related links, checklist items, and security checks with the main implementation details.
Docstring Coverage ✅ Passed Docstring coverage is 80.95% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR redesigns the Connections “Attributes” experience into an “Attribute Configuration” editor (user type resolution, per-user-type mappings, and account linking) and extends backend IDP attribute-configuration handling to support claim-driven user type resolution with additional validation.

Changes:

  • Frontend: rebuilds AttributeMappingSection into three cards (resolution, mappings by user type, account linking) and updates attribute-configuration mapping utilities + tests.
  • Frontend: removes the attribute-mapping step from both connection creation wizards and updates related wizard tests/i18n.
  • Backend: adds externalAttribute + valueMapping support to user type resolution, updates mapping resolution helpers, and adds validation + tests.

Reviewed changes

Copilot reviewed 20 out of 21 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
frontend/packages/i18n/src/locales/en-US.ts Updates labels and adds new copy for “Attribute Configuration” sections; removes wizard step copy.
frontend/apps/console/src/features/connections/utils/attributeConfiguration.ts Refactors form-state ↔ API conversion to support resolution/groups/linking.
frontend/apps/console/src/features/connections/utils/tests/attributeConfiguration.test.ts Updates/expands unit tests for new attribute-configuration mapping behavior.
frontend/apps/console/src/features/connections/pages/ConnectionDetailPage.tsx Updates dirty-checking canonicalization and embeds the redesigned section directly.
frontend/apps/console/src/features/connections/pages/ConnectionCreateWizardPage.tsx Removes attribute-mapping wizard step; creates connection at end of configure step.
frontend/apps/console/src/features/connections/pages/ConnectionConfigureWizardPage.tsx Removes attribute-mapping wizard step; simplifies to single-step create flow.
frontend/apps/console/src/features/connections/pages/tests/ConnectionCreateWizardPage.test.tsx Removes attribute-mapping step stubs aligned with the wizard simplification.
frontend/apps/console/src/features/connections/pages/tests/ConnectionConfigureWizardPage.test.tsx Updates wizard test to create directly with no attribute configuration.
frontend/apps/console/src/features/connections/models/connection.ts Extends attribute-configuration types with dynamic resolution + account linking.
frontend/apps/console/src/features/connections/components/create-connection/ConnectionAttributeMappingStep.tsx Removes the now-obsolete wizard step component.
frontend/apps/console/src/features/connections/components/create-connection/tests/ConnectionAttributeMappingStep.test.tsx Removes tests for the deleted wizard step component.
frontend/apps/console/src/features/connections/components/AttributeMappingSection.tsx Major rewrite into three-section editor with per-user-type groups and linking.
frontend/apps/console/src/features/connections/components/tests/AttributeMappingSection.test.tsx Updates component tests for new UI structure and behaviors.
backend/pkg/thunderidengine/providers/model.go Adds ExternalAttribute + ValueMapping to user-type resolution model.
backend/internal/system/i18n/core/defaults.go Adds backend validation error message keys for resolution validation.
backend/internal/oauth/oauth2/tokenservice/validator.go Updates attribute-mapping retrieval call site for new function signature.
backend/internal/idp/utils.go Updates user-type resolution and attribute-mapping selection to use claims.
backend/internal/idp/utils_test.go Adds/updates unit tests for claim-driven resolution behavior.
backend/internal/idp/service.go Adds validation for claim-driven user-type resolution configuration.
backend/internal/idp/service_test.go Adds tests for new validation rules and error handling.
backend/internal/authn/oauth/service.go Passes claims into attribute-mapping resolution in federated auth flow.
Files not reviewed (1)
  • backend/internal/system/i18n/core/defaults.go: Generated file

Comment thread frontend/packages/i18n/src/locales/en-US.ts Outdated
Comment thread backend/internal/idp/service.go
Comment thread backend/internal/idp/service.go
Comment thread backend/internal/idp/utils.go

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
frontend/apps/console/src/features/connections/pages/ConnectionDetailPage.tsx (1)

143-150: 🗄️ Data Integrity & Integration | 🔴 Critical | ⚡ Quick win

Clearing the whole attribute configuration is silently discarded on save.

editedAttr uses null (untouched) vs undefined (intentionally cleared to nothing) as distinct sentinels — attrDirty (line 139) relies on that distinction. But handleSave uses editedAttr ?? baselineAttr, which treats undefined the same as null and falls back to baselineAttr. If a user clears every group/default type/linking attribute for an existing connection, AttributeMappingSection's onChange (wired here at 276-283) reports config = undefined; attrDirty correctly shows unsaved changes, but handleSave then re-sends the old baselineAttr, so the "clear" is dropped without any error or feedback.

🐛 Preserve the null/undefined distinction in the save payload
-      attributeConfiguration: editedAttr ?? baselineAttr,
+      attributeConfiguration: editedAttr === null ? baselineAttr : editedAttr,

Also applies to: 276-283

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@frontend/apps/console/src/features/connections/pages/ConnectionDetailPage.tsx`
around lines 143 - 150, Preserve the null/undefined sentinel distinction when
constructing the save payload in handleSave: use baselineAttr only when
editedAttr is null, while passing undefined through to represent an
intentionally cleared configuration. Keep the onChange wiring for
AttributeMappingSection aligned with this behavior so attrDirty and the
submitted attributeConfiguration remain consistent.
🧹 Nitpick comments (1)
frontend/apps/console/src/features/connections/components/AttributeMappingSection.tsx (1)

208-214: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Hardcoded English aria-labels bypass i18n.

These three icon-only remove buttons use raw strings ("remove attribute mapping", "remove value mapping", "remove account linking attribute") instead of t(...), unlike every other label in this file. Screen-reader users on non-English locales will hear English text here.

♻️ Localize the remove-button aria-labels
-              aria-label="remove attribute mapping"
+              aria-label={t('attributeMapping.mappings.removeRow')}
-                        aria-label="remove value mapping"
+                        aria-label={t('attributeMapping.resolution.valueMapping.remove')}
-                  aria-label="remove account linking attribute"
+                  aria-label={t('attributeMapping.linking.remove')}

(add the corresponding keys to en-US.ts)

Also applies to: 501-507, 629-635

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@frontend/apps/console/src/features/connections/components/AttributeMappingSection.tsx`
around lines 208 - 214, Replace the hardcoded aria-labels on the remove buttons
in AttributeMappingSection, including the buttons near the mapping and
account-linking sections, with translated t(...) calls. Add corresponding
translation keys and English values to en-US.ts, preserving the existing label
meanings and interpolation style.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@backend/pkg/thunderidengine/providers/model.go`:
- Around line 728-729: Update the yaml tags on ExternalAttribute and
ValueMapping in the relevant model struct to use the camelCase names
externalAttribute and valueMapping, matching their JSON tags and the existing
AccountLinking convention.

In
`@frontend/apps/console/src/features/connections/components/AttributeMappingSection.tsx`:
- Around line 281-343: Guard the configuration-emitting useEffect until
useGetUserTypes() has resolved, so it cannot call onChange with incomplete
defaults while user types are still loading. Use the query’s loading/settled
state (for example, isLoading or isPending, as exposed by useGetUserTypes) in
the effect’s early-return condition and dependency array, while preserving
emission once the query resolves.

---

Outside diff comments:
In
`@frontend/apps/console/src/features/connections/pages/ConnectionDetailPage.tsx`:
- Around line 143-150: Preserve the null/undefined sentinel distinction when
constructing the save payload in handleSave: use baselineAttr only when
editedAttr is null, while passing undefined through to represent an
intentionally cleared configuration. Keep the onChange wiring for
AttributeMappingSection aligned with this behavior so attrDirty and the
submitted attributeConfiguration remain consistent.

---

Nitpick comments:
In
`@frontend/apps/console/src/features/connections/components/AttributeMappingSection.tsx`:
- Around line 208-214: Replace the hardcoded aria-labels on the remove buttons
in AttributeMappingSection, including the buttons near the mapping and
account-linking sections, with translated t(...) calls. Add corresponding
translation keys and English values to en-US.ts, preserving the existing label
meanings and interpolation style.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 4417d157-e395-457c-9d67-4220c50288fc

📥 Commits

Reviewing files that changed from the base of the PR and between 1a28497 and afc47f2.

📒 Files selected for processing (21)
  • backend/internal/authn/oauth/service.go
  • backend/internal/idp/service.go
  • backend/internal/idp/service_test.go
  • backend/internal/idp/utils.go
  • backend/internal/idp/utils_test.go
  • backend/internal/oauth/oauth2/tokenservice/validator.go
  • backend/internal/system/i18n/core/defaults.go
  • backend/pkg/thunderidengine/providers/model.go
  • frontend/apps/console/src/features/connections/components/AttributeMappingSection.tsx
  • frontend/apps/console/src/features/connections/components/__tests__/AttributeMappingSection.test.tsx
  • frontend/apps/console/src/features/connections/components/create-connection/ConnectionAttributeMappingStep.tsx
  • frontend/apps/console/src/features/connections/components/create-connection/__tests__/ConnectionAttributeMappingStep.test.tsx
  • frontend/apps/console/src/features/connections/models/connection.ts
  • frontend/apps/console/src/features/connections/pages/ConnectionConfigureWizardPage.tsx
  • frontend/apps/console/src/features/connections/pages/ConnectionCreateWizardPage.tsx
  • frontend/apps/console/src/features/connections/pages/ConnectionDetailPage.tsx
  • frontend/apps/console/src/features/connections/pages/__tests__/ConnectionConfigureWizardPage.test.tsx
  • frontend/apps/console/src/features/connections/pages/__tests__/ConnectionCreateWizardPage.test.tsx
  • frontend/apps/console/src/features/connections/utils/__tests__/attributeConfiguration.test.ts
  • frontend/apps/console/src/features/connections/utils/attributeConfiguration.ts
  • frontend/packages/i18n/src/locales/en-US.ts
💤 Files with no reviewable changes (2)
  • frontend/apps/console/src/features/connections/components/create-connection/tests/ConnectionAttributeMappingStep.test.tsx
  • frontend/apps/console/src/features/connections/components/create-connection/ConnectionAttributeMappingStep.tsx

Comment thread backend/pkg/thunderidengine/providers/model.go Outdated
@sadilchamishka sadilchamishka force-pushed the feat/attribute-configuration-resolution branch 2 times, most recently from c208f45 to ae1cd0c Compare July 10, 2026 14:39

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (1)
frontend/packages/configure-connections/src/components/AttributeMappingSection.tsx (1)

281-294: 🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Config can be emitted with dynamic-resolution fields dropped while user types are still loading.

effectiveResolveDynamic is derived from userTypeList, which defaults to [] until useGetUserTypes() resolves (L282, L289-294). The mount effect (L330-343) fires onChange unconditionally on every render, including before that query settles. During that window effectiveResolveDynamic is forced false even if the seeded initialConfig has dynamic resolution enabled, so toAttributeConfiguration omits externalAttribute/valueMapping from the emitted config. If this transient payload gets persisted (e.g., admin opens the tab and saves quickly, or ConnectionDetailPage's attrDirty toggles on this transient value), the connection's dynamic user-type resolution silently reverts to the static default. This is the same class of issue flagged in a prior review round on an earlier version of this component (different file path due to the package move) that was not resolved.

🐛 Proposed fix: skip emitting until the user-types query settles
   useEffect(() => {
+    if (userTypesQuery.isLoading) {
+      return;
+    }
     const config = toAttributeConfiguration({
       defaultUserType,
       resolveDynamic: effectiveResolveDynamic,
       externalAttribute,
       valueMapping: valueMapping.map((entry) => ({value: entry.value, userType: entry.userType})),
       groups: groups.map((group) => ({
         userType: group.userType,
         rows: group.rows.map((row) => ({externalAttribute: row.externalAttribute, localAttribute: row.localAttribute})),
       })),
       linking: linking.map((entry) => entry.value),
     });
     onChange(config, valid);
-  }, [defaultUserType, effectiveResolveDynamic, externalAttribute, valueMapping, groups, linking, valid, onChange]);
+  }, [
+    defaultUserType,
+    effectiveResolveDynamic,
+    externalAttribute,
+    valueMapping,
+    groups,
+    linking,
+    valid,
+    onChange,
+    userTypesQuery.isLoading,
+  ]);

Also applies to: 330-343

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@frontend/packages/configure-connections/src/components/AttributeMappingSection.tsx`
around lines 281 - 294, Prevent the mount/update effect from emitting
configuration while useGetUserTypes is still loading. In the effect around the
component’s onChange call, check the query’s loading/settled state and return
without invoking onChange until userTypesQuery has resolved; then derive
effectiveResolveDynamic and serialize the complete configuration, preserving
seeded dynamic-resolution fields during loading.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@frontend/packages/configure-connections/src/components/AttributeMappingSection.tsx`:
- Around line 319-328: Update the validation logic near groupHasContent and
valid to detect partially filled mapping rows and value-mapping entries,
including rows where exactly one of externalAttribute/localAttribute is
non-empty and entries where exactly one of value/userType is non-empty; include
these errors in valid so saving is blocked. Add corresponding error state and
helper text wiring in the row and value-mapping rendering components, using the
existing validation/error patterns, so each invalid partial entry clearly
identifies what must be completed.

In `@frontend/packages/configure-connections/src/models/connection.ts`:
- Around line 118-132: Complete the JSDoc for the AccountLinking interface by
replacing the truncated phrase “when its subject identifier does not” with a
grammatically complete description, such as “when its subject identifier does
not match an existing account.”

---

Duplicate comments:
In
`@frontend/packages/configure-connections/src/components/AttributeMappingSection.tsx`:
- Around line 281-294: Prevent the mount/update effect from emitting
configuration while useGetUserTypes is still loading. In the effect around the
component’s onChange call, check the query’s loading/settled state and return
without invoking onChange until userTypesQuery has resolved; then derive
effectiveResolveDynamic and serialize the complete configuration, preserving
seeded dynamic-resolution fields during loading.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 98f61453-2fdf-4f49-b94f-de8649483cf9

📥 Commits

Reviewing files that changed from the base of the PR and between afc47f2 and c208f45.

📒 Files selected for processing (20)
  • backend/internal/authn/oauth/service.go
  • backend/internal/idp/service.go
  • backend/internal/idp/service_test.go
  • backend/internal/idp/utils.go
  • backend/internal/idp/utils_test.go
  • backend/internal/oauth/oauth2/tokenservice/validator.go
  • backend/internal/system/i18n/core/defaults.go
  • backend/pkg/thunderidengine/providers/model.go
  • frontend/packages/configure-connections/src/components/AttributeMappingSection.tsx
  • frontend/packages/configure-connections/src/components/__tests__/AttributeMappingSection.test.tsx
  • frontend/packages/configure-connections/src/index.ts
  • frontend/packages/configure-connections/src/models/connection.ts
  • frontend/packages/configure-connections/src/pages/ConnectionConfigureWizardPage.tsx
  • frontend/packages/configure-connections/src/pages/ConnectionCreateWizardPage.tsx
  • frontend/packages/configure-connections/src/pages/ConnectionDetailPage.tsx
  • frontend/packages/configure-connections/src/pages/__tests__/ConnectionConfigureWizardPage.test.tsx
  • frontend/packages/configure-connections/src/pages/__tests__/ConnectionCreateWizardPage.test.tsx
  • frontend/packages/configure-connections/src/utils/__tests__/attributeConfiguration.test.ts
  • frontend/packages/configure-connections/src/utils/attributeConfiguration.ts
  • frontend/packages/i18n/src/locales/en-US.ts
✅ Files skipped from review due to trivial changes (1)
  • backend/internal/system/i18n/core/defaults.go
🚧 Files skipped from review as they are similar to previous changes (8)
  • backend/internal/authn/oauth/service.go
  • frontend/packages/i18n/src/locales/en-US.ts
  • backend/pkg/thunderidengine/providers/model.go
  • backend/internal/oauth/oauth2/tokenservice/validator.go
  • backend/internal/idp/utils.go
  • backend/internal/idp/service_test.go
  • backend/internal/idp/service.go
  • backend/internal/idp/utils_test.go

Comment thread frontend/packages/configure-connections/src/models/connection.ts
@sadilchamishka sadilchamishka force-pushed the feat/attribute-configuration-resolution branch from ae1cd0c to b0ec550 Compare July 10, 2026 14:57
… type resolution

Reworks the connection Attributes tab into three sections: user type
resolution (static default, or claim-driven via an external attribute
and value mapping), per-user-type attribute mappings, and account
linking. Extends the backend UserTypeResolution model and validation
to support the claim-driven case. Removes the attribute-mapping step
from the create/configure wizards, since the redesigned section now
only applies to editing an existing connection.
@sadilchamishka sadilchamishka force-pushed the feat/attribute-configuration-resolution branch from b0ec550 to 53c0239 Compare July 10, 2026 15:16
@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants