[feature] Application creation + management via API + settings panel (#3906)

* [feature] Application creation + management via API + settings panel

* fix docs links

* add errnorows test

* use known application as shorter

* add comment about side effects

web/source/settings/lib/query/admin/custom-emoji/index.ts

@@ -141,7 +141,7 @@ const extended = gtsApi.injectEndpoints({
 		searchItemForEmoji: build.mutation<EmojisFromItem, string>({
 			async queryFn(url, api, _extraOpts, fetchWithBQ) {
 				const state = api.getState() as RootState;
-				const oauthState = state.oauth;
+				const loginState = state.login;
 				
 				// First search for given url.
 				const searchRes = await fetchWithBQ({
@@ -161,8 +161,8 @@ const extended = gtsApi.injectEndpoints({
 				
 				// Ensure emojis domain is not OUR domain. If it
 				// is, we already have the emojis by definition.
-				if (oauthState.instanceUrl !== undefined) {
-					if (domain == new URL(oauthState.instanceUrl).host) {
+				if (loginState.instanceUrl !== undefined) {
+					if (domain == new URL(loginState.instanceUrl).host) {
 						throw "LOCAL_INSTANCE";
 					}
 				}

web/source/settings/lib/query/admin/domain-permissions/export.ts

@@ -116,7 +116,7 @@ const extended = gtsApi.injectEndpoints({
 				// Parse filename to something like:
 				// `example.org-blocklist-2023-10-09.json`.
 				const state = api.getState() as RootState;
-				const instanceUrl = state.oauth.instanceUrl?? "unknown";
+				const instanceUrl = state.login.instanceUrl?? "unknown";
 				const domain = new URL(instanceUrl).host;
 				const date = new Date();
 				const filename = [

web/source/settings/lib/query/gts-api.ts

@@ -77,7 +77,7 @@ const gtsBaseQuery: BaseQueryFn<
 	// Retrieve state at the moment
 	// this function was called.
 	const state = api.getState() as RootState;
-	const { instanceUrl, token } = state.oauth;
+	const { instanceUrl, token } = state.login;
 
 	// Derive baseUrl dynamically.
 	let baseUrl: string | undefined;
@@ -160,6 +160,7 @@ export const gtsApi = createApi({
 	reducerPath: "api",
 	baseQuery: gtsBaseQuery,
 	tagTypes: [
+		"Application",
 		"Auth",
 		"Emoji",
 		"Report",

web/source/settings/lib/query/login/index.ts

@@ -24,17 +24,10 @@ import {
 	setToken as oauthSetToken,
 	remove as oauthRemove,
 	authorize as oauthAuthorize,
-} from "../../../redux/oauth";
+} from "../../../redux/login";
 import { RootState } from '../../../redux/store';
 import { Account } from '../../types/account';
-
-export interface OauthTokenRequestBody {
-	client_id: string;
-	client_secret: string;
-	redirect_uri: string;
-	grant_type: string;
-	code: string;
-}
+import { OAuthAccessTokenRequestBody } from '../../types/oauth';
 
 function getSettingsURL() {
 	/*
@@ -45,7 +38,7 @@ function getSettingsURL() {
 		 Also drops anything past /settings/, because authorization urls that are too long
 		 get rejected by GTS.
 	*/
-	let [pre, _past] = window.location.pathname.split("/settings");
+	const [pre, _past] = window.location.pathname.split("/settings");
 	return `${window.location.origin}${pre}/settings`;
 }
 
@@ -64,12 +57,12 @@ const extended = gtsApi.injectEndpoints({
 				error == undefined ? ["Auth"] : [],
 			async queryFn(_arg, api, _extraOpts, fetchWithBQ) {
 				const state = api.getState() as RootState;
-				const oauthState = state.oauth;
+				const loginState = state.login;
 
 				// If we're not in the middle of an auth/callback,
 				// we may already have an auth token, so just
 				// return a standard verify_credentials query.
-				if (oauthState.loginState != 'callback') {
+				if (loginState.current != 'awaitingcallback') {
 					return fetchWithBQ({
 						url: `/api/v1/accounts/verify_credentials`
 					});
@@ -77,8 +70,8 @@ const extended = gtsApi.injectEndpoints({
 
 				// We're in the middle of an auth/callback flow.
 				// Try to retrieve callback code from URL query.
-				let urlParams = new URLSearchParams(window.location.search);
-				let code = urlParams.get("code");
+				const urlParams = new URLSearchParams(window.location.search);
+				const code = urlParams.get("code");
 				if (code == undefined) {
 					return {
 						error: {
@@ -91,7 +84,7 @@ const extended = gtsApi.injectEndpoints({
 				
 				// Retrieve app with which the
 				// callback code was generated.
-				let app = oauthState.app;
+				const app = loginState.app;
 				if (app == undefined || app.client_id == undefined) {
 					return {
 						error: {
@@ -104,7 +97,7 @@ const extended = gtsApi.injectEndpoints({
 				
 				// Use the provided code and app
 				// secret to request an auth token.
-				const tokenReqBody: OauthTokenRequestBody = {
+				const tokenReqBody: OAuthAccessTokenRequestBody = {
 					client_id: app.client_id,
 					client_secret: app.client_secret,
 					redirect_uri: SETTINGS_URL,
@@ -139,7 +132,7 @@ const extended = gtsApi.injectEndpoints({
 		authorizeFlow: build.mutation({
 			async queryFn(formData, api, _extraOpts, fetchWithBQ) {
 				const state = api.getState() as RootState;
-				const oauthState = state.oauth;
+				const loginState = state.login;
 
 				let instanceUrl: string;
 				if (!formData.instance.startsWith("http")) {
@@ -147,8 +140,8 @@ const extended = gtsApi.injectEndpoints({
 				}
 
 				instanceUrl = new URL(formData.instance).origin;
-				if (oauthState?.instanceUrl == instanceUrl && oauthState.app) {
-					return { data: oauthState.app };
+				if (loginState?.instanceUrl == instanceUrl && loginState.app) {
+					return { data: loginState.app };
 				}
 				
 				const appResult = await fetchWithBQ({
@@ -166,24 +159,24 @@ const extended = gtsApi.injectEndpoints({
 					return { error: appResult.error as FetchBaseQueryError };
 				}
 
-				let app = appResult.data as any;
+				const app = appResult.data as any;
 
 				app.scopes = formData.scopes;
 				api.dispatch(oauthAuthorize({
 					instanceUrl: instanceUrl,
 					app: app,
-					loginState: "callback",
+					current: "awaitingcallback",
 					expectingRedirect: true
 				}));
 
-				let url = new URL(instanceUrl);
+				const url = new URL(instanceUrl);
 				url.pathname = "/oauth/authorize";
 				url.searchParams.set("client_id", app.client_id);
 				url.searchParams.set("redirect_uri", SETTINGS_URL);
 				url.searchParams.set("response_type", "code");
 				url.searchParams.set("scope", app.scopes);
 				
-				let redirectURL = url.toString();
+				const redirectURL = url.toString();
 				window.location.assign(redirectURL);
 				return { data: null };
 			},

web/source/settings/lib/query/user/applications.ts

@@ -0,0 +1,146 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import { RootState } from "../../../redux/store";
+import {
+	SearchAppParams,
+	SearchAppResp,
+	App,
+	AppCreateParams,
+} from "../../types/application";
+import { OAuthAccessToken, OAuthAccessTokenRequestBody } from "../../types/oauth";
+import { gtsApi } from "../gts-api";
+import parse from "parse-link-header";
+
+const extended = gtsApi.injectEndpoints({
+	endpoints: (build) => ({
+		searchApp: build.query<SearchAppResp, SearchAppParams>({
+			query: (form) => {
+				const params = new(URLSearchParams);
+				Object.entries(form).forEach(([k, v]) => {
+					if (v !== undefined) {
+						params.append(k, v);
+					}
+				});
+
+				let query = "";
+				if (params.size !== 0) {
+					query = `?${params.toString()}`;
+				}
+
+				return {
+					url: `/api/v1/apps${query}`
+				};
+			},
+			// Headers required for paging.
+			transformResponse: (apiResp: App[], meta) => {
+				const apps = apiResp;
+				const linksStr = meta?.response?.headers.get("Link");
+				const links = parse(linksStr);
+				return { apps, links };
+			},
+			providesTags: [{ type: "Application", id: "TRANSFORMED" }]
+		}),
+
+		getApp: build.query<App, string>({
+			query: (id) => ({
+				method: "GET",
+				url: `/api/v1/apps/${id}`,
+			}),
+			providesTags: (_result, _error, id) => [
+				{ type: 'Application', id }
+			],
+		}),
+
+		createApp: build.mutation<App, AppCreateParams>({
+			query: (formData) => ({
+				method: "POST",
+				url: `/api/v1/apps`,
+				asForm: true,
+				body: formData,
+				discardEmpty: true
+			}),
+			invalidatesTags: [{ type: "Application", id: "TRANSFORMED" }],
+		}),
+
+		deleteApp: build.mutation<App, string>({
+			query: (id) => ({
+				method: "DELETE",
+				url: `/api/v1/apps/${id}`
+			}),
+			invalidatesTags: (_result, _error, id) => [
+				{ type: 'Application', id },
+				{ type: "Application", id: "TRANSFORMED" },
+				{ type: "TokenInfo", id: "TRANSFORMED" },
+			],
+		}),
+
+		getOOBAuthCode: build.mutation<null, { app: App, scope: string, redirectURI: string }>({
+			async queryFn({ app, scope, redirectURI }, api, _extraOpts, _fetchWithBQ) {
+				// Fetch the instance URL string from
+				// oauth state, eg., https://example.org.
+				const state = api.getState() as RootState;
+				if (!state.login.instanceUrl) {
+					return {
+						error: {
+							status: 'CUSTOM_ERROR',
+							error: "oauthState.instanceUrl undefined",
+						}
+					};
+				}
+				const instanceUrl = state.login.instanceUrl;
+
+				// Parse instance URL + set params on it.
+				const url = new URL(instanceUrl);
+				url.pathname = "/oauth/authorize";
+				url.searchParams.set("client_id", app.client_id);
+				url.searchParams.set("redirect_uri", redirectURI);
+				url.searchParams.set("response_type", "code");
+				url.searchParams.set("scope", scope);
+
+				// Set the app ID in state so we know which
+				// app to get out of our store after redirect.
+				url.searchParams.set("state", app.id);
+
+				// Whisk the user away to the authorize page.
+				window.location.assign(url.toString());
+				return { data: null };
+			}
+		}),
+
+		getAccessTokenForApp: build.mutation<OAuthAccessToken, OAuthAccessTokenRequestBody>({
+			query: (formData) => ({
+				method: "POST",
+				url: `/oauth/token`,
+				asForm: true,
+				body: formData,
+				discardEmpty: true
+			}),
+		}),
+	})
+});
+
+export const {
+	useLazySearchAppQuery,
+	useCreateAppMutation,
+	useGetAppQuery,
+	useGetOOBAuthCodeMutation,
+	useGetAccessTokenForAppMutation,
+	useDeleteAppMutation,
+} = extended;

web/source/settings/lib/types/application.ts

@@ -0,0 +1,71 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import { Links } from "parse-link-header";
+
+export interface App {
+	id: string;
+	created_at: string;
+	name: string;
+	website?: string;
+	redirect_uris: string[];
+	redirect_uri: string;
+	client_id: string;
+	client_secret: string;
+	vapid_key: string;
+	scopes: string[];
+}
+
+/**
+ * Parameters for GET to /api/v1/apps.
+ */
+export interface SearchAppParams {
+	/**
+	 * If set, show only items older (ie., lower) than the given ID.
+	 * Item with the given ID will not be included in response.
+	 */
+	max_id?: string;
+	/**
+	 * If set, show only items newer (ie., higher) than the given ID.
+	 * Item with the given ID will not be included in response.
+	 */
+	since_id?: string;
+	/**
+	 * If set, show only items *immediately newer* than the given ID.
+	 * Item with the given ID will not be included in response.
+	 */
+	min_id?: string;
+	/**
+	 * If set, limit returned items to this number.
+	 * Else, fall back to GtS API defaults.
+	 */
+	limit?: number;
+}
+
+export interface SearchAppResp {
+	apps: App[];
+	links: Links | null;
+}
+
+export interface AppCreateParams {
+	client_name: string;
+	redirect_uris: string;
+	scopes: string;
+	website: string;
+}

web/source/settings/lib/types/oauth.ts

@@ -0,0 +1,49 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * OAuthToken represents a response
+ * to an OAuth token request.
+ */
+export interface OAuthAccessToken {
+	/**
+	 * Most likely to be 'Bearer'
+	 * but may be something else.
+	 */
+	token_type: string;
+	/**
+	 * The actual token. Can be passed in to
+	 * authenticate further requests using the
+	 * Authorization header and the token type.
+	 */
+	access_token: string;
+}
+
+export interface OAuthApp {
+	client_id: string;
+	client_secret: string;
+}
+
+export interface OAuthAccessTokenRequestBody {
+	client_id: string;
+	client_secret: string;
+	redirect_uri: string;
+	grant_type: string;
+	code: string;
+}

web/source/settings/lib/types/scopes.ts

@@ -0,0 +1,139 @@
+/*
+	GoToSocial
+	Copyright (C) GoToSocial Authors admin@gotosocial.org
+	SPDX-License-Identifier: AGPL-3.0-or-later
+
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published by
+	the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Sub-scopes / scope components */
+
+const scopeAccounts      = "accounts";
+const scopeApplications  = "applications";
+const scopeBlocks        = "blocks";
+const scopeBookmarks     = "bookmarks";
+const scopeConversations = "conversations";
+const scopeDomainAllows  = "domain_allows";
+const scopeDomainBlocks  = "domain_blocks";
+const scopeFavourites    = "favourites";
+const scopeFilters       = "filters";
+const scopeFollows       = "follows";
+const scopeLists         = "lists";
+const scopeMedia         = "media";
+const scopeMutes         = "mutes";
+const scopeNotifications = "notifications";
+const scopeReports       = "reports";
+const scopeSearch        = "search";
+const scopeStatuses      = "statuses";
+
+/* Top-level scopes */
+
+export const ScopeProfile    = "profile";
+export const ScopePush       = "push";
+export const ScopeRead       = "read";
+export const ScopeWrite      = "write";
+export const ScopeAdmin      = "admin";
+export const ScopeAdminRead  = ScopeAdmin + ":" + ScopeRead;
+export const ScopeAdminWrite = ScopeAdmin + ":" + ScopeWrite;
+
+/* Granular scopes */
+
+export const ScopeReadAccounts           = ScopeRead + ":" + scopeAccounts;
+export const ScopeWriteAccounts          = ScopeWrite + ":" + scopeAccounts;
+export const ScopeReadApplications       = ScopeRead + ":" + scopeApplications;
+export const ScopeWriteApplications      = ScopeWrite + ":" + scopeApplications;
+export const ScopeReadBlocks             = ScopeRead + ":" + scopeBlocks;
+export const ScopeWriteBlocks            = ScopeWrite + ":" + scopeBlocks;
+export const ScopeReadBookmarks          = ScopeRead + ":" + scopeBookmarks;
+export const ScopeWriteBookmarks         = ScopeWrite + ":" + scopeBookmarks;
+export const ScopeWriteConversations     = ScopeWrite + ":" + scopeConversations;
+export const ScopeReadFavourites         = ScopeRead + ":" + scopeFavourites;
+export const ScopeWriteFavourites        = ScopeWrite + ":" + scopeFavourites;
+export const ScopeReadFilters            = ScopeRead + ":" + scopeFilters;
+export const ScopeWriteFilters           = ScopeWrite + ":" + scopeFilters;
+export const ScopeReadFollows            = ScopeRead + ":" + scopeFollows;
+export const ScopeWriteFollows           = ScopeWrite + ":" + scopeFollows;
+export const ScopeReadLists              = ScopeRead + ":" + scopeLists;
+export const ScopeWriteLists             = ScopeWrite + ":" + scopeLists;
+export const ScopeWriteMedia             = ScopeWrite + ":" + scopeMedia;
+export const ScopeReadMutes              = ScopeRead + ":" + scopeMutes;
+export const ScopeWriteMutes             = ScopeWrite + ":" + scopeMutes;
+export const ScopeReadNotifications      = ScopeRead + ":" + scopeNotifications;
+export const ScopeWriteNotifications     = ScopeWrite + ":" + scopeNotifications;
+export const ScopeWriteReports           = ScopeWrite + ":" + scopeReports;
+export const ScopeReadSearch             = ScopeRead + ":" + scopeSearch;
+export const ScopeReadStatuses           = ScopeRead + ":" + scopeStatuses;
+export const ScopeWriteStatuses          = ScopeWrite + ":" + scopeStatuses;
+export const ScopeAdminReadAccounts      = ScopeAdminRead + ":" + scopeAccounts;
+export const ScopeAdminWriteAccounts     = ScopeAdminWrite + ":" + scopeAccounts;
+export const ScopeAdminReadReports       = ScopeAdminRead + ":" + scopeReports;
+export const ScopeAdminWriteReports      = ScopeAdminWrite + ":" + scopeReports;
+export const ScopeAdminReadDomainAllows  = ScopeAdminRead + ":" + scopeDomainAllows;
+export const ScopeAdminWriteDomainAllows = ScopeAdminWrite + ":" + scopeDomainAllows;
+export const ScopeAdminReadDomainBlocks  = ScopeAdminRead + ":" + scopeDomainBlocks;
+export const ScopeAdminWriteDomainBlocks = ScopeAdminWrite + ":" + scopeDomainBlocks;
+
+export const ValidScopes = [
+	ScopeProfile,
+	ScopePush,
+	ScopeRead,
+	ScopeWrite,
+	ScopeAdmin,
+	ScopeAdminRead,
+	ScopeAdminWrite,
+	ScopeReadAccounts,
+	ScopeWriteAccounts,
+	ScopeReadApplications,
+	ScopeWriteApplications,
+	ScopeReadBlocks,
+	ScopeWriteBlocks,
+	ScopeReadBookmarks,
+	ScopeWriteBookmarks,
+	ScopeWriteConversations,
+	ScopeReadFavourites,
+	ScopeWriteFavourites,
+	ScopeReadFilters,
+	ScopeWriteFilters,
+	ScopeReadFollows,
+	ScopeWriteFollows,
+	ScopeReadLists,
+	ScopeWriteLists,
+	ScopeWriteMedia,
+	ScopeReadMutes,
+	ScopeWriteMutes,
+	ScopeReadNotifications,
+	ScopeWriteNotifications,
+	ScopeWriteReports,
+	ScopeReadSearch,
+	ScopeReadStatuses,
+	ScopeWriteStatuses,
+	ScopeAdminReadAccounts,
+	ScopeAdminWriteAccounts,
+	ScopeAdminReadReports,
+	ScopeAdminWriteReports,
+	ScopeAdminReadDomainAllows,
+	ScopeAdminWriteDomainAllows,
+	ScopeAdminReadDomainBlocks,
+	ScopeAdminWriteDomainBlocks,
+];
+
+export const ValidTopLevelScopes = [
+	ScopeProfile,
+	ScopePush,
+	ScopeRead,
+	ScopeWrite,
+	ScopeAdmin,
+	ScopeAdminRead,
+	ScopeAdminWrite,
+];

web/source/settings/lib/util/formvalidators.ts

@@ -18,6 +18,8 @@
 */
 
 import isValidDomain from "is-valid-domain";
+import { useCallback } from "react";
+import { ValidScopes, ValidTopLevelScopes } from "../types/scopes";
 
 /**
  * Validate the "domain" field of a form.
@@ -29,6 +31,11 @@ export function formDomainValidator(domain: string): string {
 		return "";
 	}
 
+	// Allow localhost for testing.
+	if (domain === "localhost") {
+		return "";
+	}
+
 	if (domain[domain.length-1] === ".") {
 		return "invalid domain";
 	}
@@ -63,5 +70,67 @@ export function urlValidator(urlStr: string): string {
 		return `invalid protocol, must be http or https`;
 	}
 
-	return formDomainValidator(url.host);
+	return formDomainValidator(url.hostname);
 }
+
+export function useScopesValidator(): (_scopes: string[]) => string {
+	return useCallback((scopes) => {
+		return scopes.
+			map((scope) => validateScope(scope)).
+			flatMap((msg) => msg || []).
+			join(", ");
+	}, []);
+}
+
+export function useScopeValidator(): (_scope: string) => string {
+	return useCallback((scope) => validateScope(scope), []);
+}
+
+const validateScope = (scope: string) => {
+	if (!ValidScopes.includes(scope)) {
+		return scope + " is not a recognized scope";
+	} 
+	return "";
+};
+
+export function useScopesPermittedBy(): (_hasScopes: string[], _wantScopes: string[]) => string {
+	return useCallback((hasScopes, wantsScopes) => {
+		return wantsScopes.
+			map((wanted) => scopePermittedByScopes(hasScopes, wanted)).
+			flatMap((msg) => msg || []).
+			join(", ");
+	}, []);
+}
+
+const scopePermittedByScopes = (hasScopes: string[], wanted: string) => {
+	if (hasScopes.some((hasScope) => scopePermittedByScope(hasScope, wanted) === "")) {
+		return "";
+	}
+	return `scopes [${hasScopes}] do not permit ${wanted}`;
+};
+
+const scopePermittedByScope = (has: string, wanted: string) => {
+	if (has === wanted) {
+		// Exact match on either a
+		// top-level or granular scope.
+		return "";
+	}
+
+	// Ensure we have a
+	// known top-level scope.
+	switch (true) {
+		case (ValidTopLevelScopes.includes(has)):
+			// Check if top-level includes wanted,
+			// eg., have "admin", want "admin:read".
+			if (wanted.startsWith(has + ":")) {
+				return "";
+			} else {
+				return `scope ${has} does not permit ${wanted}`;
+			}
+	
+		default:
+			// Unknown top-level scope,
+			// can't permit anything.
+			return `unrecognized scope ${has}`;
+	}
+};

web/source/settings/lib/util/index.ts

@@ -30,7 +30,7 @@ export function UseOurInstanceAccount(account: AdminAccount): boolean {
 	// Pull our own URL out of storage so we can
 	// tell if account is our instance account.
 	const ourDomain = useMemo(() => {
-		const instanceUrlStr = store.getState().oauth.instanceUrl;
+		const instanceUrlStr = store.getState().login.instanceUrl;
 		if (!instanceUrlStr) {
 			return "";
 		}