Skip to content

feat(web-ui): SSO login + web UI polish + docs#572

Merged
yaozheng-fang merged 4 commits into
mainfrom
feat/web-ui-sso
Jun 3, 2026
Merged

feat(web-ui): SSO login + web UI polish + docs#572
yaozheng-fang merged 4 commits into
mainfrom
feat/web-ui-sso

Conversation

@yaozheng-fang
Copy link
Copy Markdown
Collaborator

@yaozheng-fang yaozheng-fang commented Jun 1, 2026

What

Builds on the merged A2UI web UI (veadk frontend) with SSO, a richer chat UI, and docs.

SSO / auth

  • VeIdentity OAuth2: veadk frontend --oauth2-user-pool/-client (or --oauth2-*-uid, defaulting from OAUTH2_USER_POOL_ID / OAUTH2_USER_POOL_CLIENT_ID). The OAuth2 middleware protects the API but exempts the SPA shell + /web/auth-config, so the app renders its own login page instead of bouncing to the IdP. Identity comes from /oauth2/userinfo (sub) and drives the ADK user_id.
  • Config-driven providers: login buttons come from /web/auth-config (--oauth2-provider / --oauth2-provider-label; default label for veidentity is “火山引擎 Identity”).
  • No-SSO: the login page asks for a username (letters+digits, ≤16), stored locally and used as the user_id.
  • Local logout (clears the session, returns to the login page) — avoids needing the post-logout redirect URI whitelisted.

UX

  • Sessions are created lazily on the first message (not on page load); sidebar refreshes on new-chat/delete; loading overlay while opening a session.
  • Markdown messages, dashed sidebar, motion animations, janus-ee-style tool blocks, a two-pane trace viewer (span tree + detail), persistent copy on assistant messages.
  • Generic (non-A2UI) UI copy.

Fix

  • identity_client.get_user_pool passed uid= but the SDK request expects user_pool_uid= (broke SSO-by-UID).

Docs

  • framework/frontend/web-ui Authentication section (zh/en) + the new --oauth2-* flags.

Notes

  • The built UI ships in-package at veadk/webui (gitleaks allowlists it).
  • Examples/runtime artifacts intentionally excluded.

@yaozheng-fang
feat(a2ui): add VeIdentity SSO to the web UI
7325fa0 
- veadk frontend: optional --oauth2-user-pool / --oauth2-user-pool-client /
  --oauth2-redirect-uri flags wire VeIdentity OAuth2 (setup_oauth2); the API is
  protected while the SPA shell is served so the app can show its own login page.
- frontend: identity.ts resolves the signed-in user via /oauth2/userinfo (sub),
  a LobeHub-style login page when unauthenticated, ADK user_id now comes from the
  SSO identity (url-encoded in API paths), sidebar shows the user + logout.
  No SSO configured falls back to web-user for local dev.
@yaozheng-fang
feat(a2ui): config-driven SSO providers + chat UI polish
760d1ed 
SSO providers:
- veadk frontend: --oauth2-provider / --oauth2-provider-label flags; expose the
  configured provider(s) on GET /web/auth-config (unauthenticated). Exempt the
  SPA shell (/, /assets, /web/auth-config) from the OAuth2 middleware so the app
  loads and renders its own login page instead of being bounced to the IdP.
- login page renders a button per configured provider; falls back to a single
  login button.

UI polish:
- messages (user + assistant) render Markdown (GFM + code highlight) at ~14px.
- sidebar right border is now dashed.
- motion-based entrance/press animations (honors prefers-reduced-motion).
- tool-call block restyled to match the janus-ee extension (status dot, name,
  collapsible 参数/返回 sections).

Allowlist veadk/webui (built minified bundle) from gitleaks scanning.
@yaozheng-fang
feat(web-ui): SSO login, local username, lazy sessions, UI polish, docs
993ade0 
- Login page: config-driven provider buttons for SSO; a username input for the
  no-SSO case (the chosen name becomes the ADK user_id, stored locally).
- veadk frontend: --oauth2-provider/-label and pool/client UID flags (default
  from OAUTH2_USER_POOL_ID / OAUTH2_USER_POOL_CLIENT_ID); exempt the SPA shell +
  /web/auth-config from the OAuth2 middleware so the app shows its own login
  page; local logout (no IdP post-logout redirect needed).
- Sessions are created lazily on the first message (not on page load); the
  sidebar refreshes on new-chat/delete; a loading overlay shows while opening a
  session.
- UI polish: Markdown messages, dashed sidebar border, motion animations,
  janus-ee-style tool blocks, a two-pane trace viewer (span tree + detail), and
  a persistent copy button on assistant messages.
- Generic (non-A2UI) UI copy.
- Fix: identity_client.get_user_pool passed `uid=` but the SDK request expects
  `user_pool_uid=` (broke SSO-by-UID).
- Docs: web-ui Authentication section (zh/en).
@yaozheng-fang
feat(web-ui): default agents-dir to cwd (adk-style), generic README, …
47642ee 
…dev proxy

- veadk frontend: --agents-dir defaults to "." so you launch from the parent
  folder of your agent directories (like `adk web`) and every agent.py app
  populates the dropdown.
- frontend README rewritten as a general web UI (chat / sessions / tracing /
  auth), with A2UI as one feature rather than the focus.
- vite dev proxy also forwards /oauth2, /web, /debug for SSO/trace in dev.
@yaozheng-fang yaozheng-fang merged commit 9840e8b into main Jun 3, 2026
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@warm-wm warm-wm warm-wm approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yaozheng-fang @warm-wm