Developer documents six key mistakes when adding Google login to IdentityServer

·1 views

A developer spent nearly two days integrating Google OAuth into an Angular 20 app backed by IdentityServer8, documenting six critical mistakes along the way. The core issue was passing the Angular callback URL as the returnUrl to the challenge endpoint, when it should instead be the full OIDC authorize URL so IdentityServer can complete the code flow first. Additional problems included calling checkAuth() in multiple components simultaneously, causing a race condition that prevented token exchange. Misconfigurations like startCheckSession: true, an unset silentRenewUrl, and late OIDC config registration each triggered separate failures. The writeup serves as a practical troubleshooting guide for developers implementing external identity providers with IdentityServer and angular-auth-oidc-client.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Developer proposes co-location pattern to fix recurring Sanity page builder bugs

A recurring bug in Sanity-based page builders causes sections to render blank or disappear silently when developers miss one of five required touch points during setup. The problem stems from section type definitions, GROQ projections, React components, renderer maps, and TypeScript types living in separate files that can fall out of sync. Developer Maciej Trzcinski argues that co-locating a section's type, query, and renderer into a single object declaration eliminates the most common failure modes. He has published two open-source packages implementing this pattern for Sanity Studio and Next.js frontends. The core idea, however, is framework-agnostic: treating the boilerplate dispatch logic as a managed dependency rather than hand-rolled code on every project.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Shares Guide to Installing NixOS on Jetorbit VPS via nixos-anywhere

A developer documented the process of installing NixOS on a Jetorbit VPS using the nixos-anywhere tool, with all configurations managed from a macOS laptop running nix-darwin. The setup relies on SSH key-based root access and a one-time nixos-anywhere deployment, with subsequent updates handled via nixos-rebuild. Three critical pre-installation checks are highlighted: confirming the VPS uses legacy BIOS rather than UEFI, noting that Jetorbit assigns static IPs instead of DHCP, and ensuring the root SSH public key is registered on the server. The nixos-anywhere tool works by sending a small installer image to the running server and using kexec to boot into it without a full reinstall, then partitioning the disk via disko and building the NixOS system closure remotely. This approach eliminates configuration drift and keeps the server state fully reproducible from a git repository.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Why Complex Systems Fail Silently: Lessons from Bridges and AI-Assisted Code

A tech essay in the 'Craft & Code' series draws parallels between historic engineering failures and the hidden risks in modern software development. The author highlights two landmark cases: the Tacoma Narrows Bridge, which collapsed in 1940 due to unforeseen aerodynamic flaws, and the 1977 Citicorp Center in New York, which was quietly reinforced after its own engineer discovered a critical structural vulnerability post-construction. Unlike a crooked shelf, which reveals its flaw immediately, complex engineering can appear flawless while harboring serious defects beneath the surface. The piece argues that software, as one of the most complex forms of engineering, belongs in the same risk category as bridges and skyscrapers rather than simple craftsmanship. The author warns that as AI tools democratize software creation, the ability to detect invisible, potentially fatal flaws may erode before anyone notices it is gone.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Policy Alone Won't Stop AI Hallucinations in Law Firms, Infrastructure Will

In April 2026, Sullivan & Cromwell apologized to a federal bankruptcy judge after AI-generated hallucinations appeared in a court filing, despite the firm having stated safeguards in place. The incident highlights a broader distinction between policy-based compliance and technical infrastructure — policies set expectations but cannot intercept errors at the moment they are generated. Experts argue that law firms need an AI harness layer built into their workflows, including real-time citation verification, confidence-threshold routing, and ongoing model-drift monitoring. Without these technical controls, hallucinated content can pass through multiple human review stages undetected, especially under deadline pressure or when junior staff are involved. The Sullivan & Cromwell case is being cited as evidence that governed AI infrastructure, not just acceptable-use policies, must be treated as a core design requirement for legal work.

0 comments Read more at DEV Community