feat(experience): add generic app access denied page#8897
Merged
charIeszhao merged 1 commit intoJun 2, 2026
Merged
Conversation
COMPARE TO
|
| Name | Diff |
|---|---|
| packages/core/src/middleware/koa-auto-consent.test.ts | 📈 +4.06 KB |
| packages/core/src/middleware/koa-auto-consent.ts | 📈 +673 Bytes |
| packages/core/src/routes/interaction/consent/index.ts | 📈 +46 Bytes |
| packages/core/src/tenants/Tenant.ts | 📈 +110 Bytes |
| packages/experience/src/pages/Consent/index.test.tsx | 📈 +3.08 KB |
| packages/experience/src/pages/Consent/index.tsx | 📈 +699 Bytes |
| packages/integration-tests/src/tests/api/application-access-control.test.ts | 📈 +262 Bytes |
| packages/phrases-experience/src/locales/ar/error/index.ts | 📈 +226 Bytes |
| packages/phrases-experience/src/locales/cs/error/index.ts | 📈 +179 Bytes |
| packages/phrases-experience/src/locales/de/error/index.ts | 📈 +191 Bytes |
| packages/phrases-experience/src/locales/en/error/index.ts | 📈 +175 Bytes |
| packages/phrases-experience/src/locales/es/error/index.ts | 📈 +181 Bytes |
| packages/phrases-experience/src/locales/fr/error/index.ts | 📈 +198 Bytes |
| packages/phrases-experience/src/locales/it/error/index.ts | 📈 +174 Bytes |
| packages/phrases-experience/src/locales/ja/error/index.ts | 📈 +217 Bytes |
| packages/phrases-experience/src/locales/ko/error/index.ts | 📈 +191 Bytes |
| packages/phrases-experience/src/locales/pl-pl/error/index.ts | 📈 +177 Bytes |
| packages/phrases-experience/src/locales/pt-br/error/index.ts | 📈 +183 Bytes |
| packages/phrases-experience/src/locales/pt-pt/error/index.ts | 📈 +180 Bytes |
| packages/phrases-experience/src/locales/ru/error/index.ts | 📈 +240 Bytes |
| packages/phrases-experience/src/locales/th/error/index.ts | 📈 +338 Bytes |
| packages/phrases-experience/src/locales/tr-tr/error/index.ts | 📈 +166 Bytes |
| packages/phrases-experience/src/locales/uk-ua/error/index.ts | 📈 +262 Bytes |
| packages/phrases-experience/src/locales/zh-cn/error/index.ts | 📈 +135 Bytes |
| packages/phrases-experience/src/locales/zh-hk/error/index.ts | 📈 +132 Bytes |
| packages/phrases-experience/src/locales/zh-tw/error/index.ts | 📈 +138 Bytes |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a terminal generic access-denied state to the Sign-in Experience consent flow for app-level access control denials.
Changes:
- Detects
oidc.access_deniederrors from consent info loading and consent submission. - Renders a navbar-hidden
ErrorPagewith generic access-denied copy instead of leaving the user in the normal consent flow. - Adds unit tests and localized phrases for the new error state.
Reviewed changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
packages/experience/src/pages/Consent/index.tsx |
Adds access-denied handling and terminal error page rendering. |
packages/experience/src/pages/Consent/util.ts |
Adds helper to identify OIDC access-denied HTTP errors. |
packages/experience/src/pages/Consent/index.test.tsx |
Covers denied consent info and denied consent submission flows. |
packages/phrases-experience/src/locales/en/error/index.ts |
Adds English access-denied phrases. |
packages/phrases-experience/src/locales/ar/error/index.ts |
Adds Arabic access-denied phrases. |
packages/phrases-experience/src/locales/cs/error/index.ts |
Adds Czech access-denied phrases. |
packages/phrases-experience/src/locales/de/error/index.ts |
Adds German access-denied phrases. |
packages/phrases-experience/src/locales/es/error/index.ts |
Adds Spanish access-denied phrases. |
packages/phrases-experience/src/locales/fr/error/index.ts |
Adds French access-denied phrases. |
packages/phrases-experience/src/locales/it/error/index.ts |
Adds Italian access-denied phrases. |
packages/phrases-experience/src/locales/ja/error/index.ts |
Adds Japanese access-denied phrases. |
packages/phrases-experience/src/locales/ko/error/index.ts |
Adds Korean access-denied phrases. |
packages/phrases-experience/src/locales/pl-pl/error/index.ts |
Adds Polish access-denied phrases. |
packages/phrases-experience/src/locales/pt-br/error/index.ts |
Adds Brazilian Portuguese access-denied phrases. |
packages/phrases-experience/src/locales/pt-pt/error/index.ts |
Adds European Portuguese access-denied phrases. |
packages/phrases-experience/src/locales/ru/error/index.ts |
Adds Russian access-denied phrases. |
packages/phrases-experience/src/locales/th/error/index.ts |
Adds Thai access-denied phrases. |
packages/phrases-experience/src/locales/tr-tr/error/index.ts |
Adds Turkish access-denied phrases. |
packages/phrases-experience/src/locales/uk-ua/error/index.ts |
Adds Ukrainian access-denied phrases. |
packages/phrases-experience/src/locales/zh-cn/error/index.ts |
Adds Simplified Chinese access-denied phrases. |
packages/phrases-experience/src/locales/zh-hk/error/index.ts |
Adds Hong Kong Traditional Chinese access-denied phrases. |
packages/phrases-experience/src/locales/zh-tw/error/index.ts |
Adds Taiwan Traditional Chinese access-denied phrases. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
charIeszhao
force-pushed
the
charles-log-13486-enforce-app-access-during-authorization-and-token
branch
from
4c936b0 to
6ee5bc7
Compare
charIeszhao
force-pushed
the
charles-log-13487-add-generic-sie-access-denied-experience
branch
from
100819a to
e08b371
Compare
simeng-li
reviewed
Jun 2, 2026
charIeszhao
force-pushed
the
charles-log-13487-add-generic-sie-access-denied-experience
branch
from
e08b371 to
a6d3565
Compare
charIeszhao
force-pushed
the
charles-log-13487-add-generic-sie-access-denied-experience
branch
from
a6d3565 to
dc8bd68
Compare
Base automatically changed from
charles-log-13486-enforce-app-access-during-authorization-and-token
to
master
June 2, 2026 03:12
charIeszhao
force-pushed
the
charles-log-13487-add-generic-sie-access-denied-experience
branch
from
dc8bd68 to
9ed8b35
Compare
charIeszhao
force-pushed
the
charles-log-13487-add-generic-sie-access-denied-experience
branch
from
9ed8b35 to
63d6f7b
Compare
charIeszhao
force-pushed
the
charles-log-13487-add-generic-sie-access-denied-experience
branch
from
63d6f7b to
31e509b
Compare
charIeszhao
force-pushed
the
charles-log-13487-add-generic-sie-access-denied-experience
branch
from
31e509b to
f176bdc
Compare
simeng-li
approved these changes
Jun 2, 2026
charIeszhao
deleted the
charles-log-13487-add-generic-sie-access-denied-experience
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add a generic Sign-in Experience access denied state for app-level access control denials on the consent page.
When the consent info request or consent submission returns
oidc.access_denied, the consent page now renders a terminal access denied error page instead of leaving users on a blank/toast-only state. The denied page uses generic copy and removes the authorize/cancel actions so denied users cannot continue to the application from this state.Stacked on #8882.
Testing
Unit tests
Checklist
.changeset