fix(deploy): use Frontend API URL for OAuth redirect URI in walkthrough

[Railly]

Problem

The OAuth walkthrough in clerk deploy prints https://accounts.{domain}/v1/oauth_callback as the redirect URI. That endpoint lives on the Frontend API (clerk.{domain}), not the Account Portal, so pasting the printed value into a provider console causes redirect_uri_mismatch. Affects every provider walkthrough since #260.

Fix

PLAPI already returns the correct value as frontend_api_url on the domain object; it was being dropped. Thread it through deploy state (new-deploy and resume paths) into showOAuthWalkthrough, with a https://clerk.{domain} fallback since TS types do not validate runtime JSON.

Tests

• New walkthrough test with a distinctive API-provided frontend_api_url proves the value is threaded, not string-built from the domain
• Reconcile-path walkthrough test now asserts the FAPI URI and the absence of the accounts. one
• bun test, typecheck, lint, format:check pass

[changeset-bot]

🦋 Changeset detected

Latest commit: 5eac92d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
clerk	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Warning

Review limit reached

@Railly, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 55 minutes and 12 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more credits in the billing tab to continue.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7be485d6-9b0c-42ff-a014-7c4abdfb0ed4

📥 Commits

Reviewing files that changed from the base of the PR and between 61640b5 and 5eac92d.

📒 Files selected for processing (7)

• .changeset/fix-oauth-redirect-fapi.md
• packages/cli-core/src/commands/deploy/README.md
• packages/cli-core/src/commands/deploy/index.test.ts
• packages/cli-core/src/commands/deploy/index.ts
• packages/cli-core/src/commands/deploy/providers.ts
• packages/cli-core/src/commands/deploy/state.ts
• packages/cli-core/src/commands/deploy/status.ts

📝 Walkthrough

Walkthrough

This PR updates the clerk deploy command's OAuth credential setup flow to use the Frontend API URL for OAuth redirect URIs instead of the Accounts Portal URL. The change threads frontendApiUrl from the production domain through the deploy operation state into the OAuth walkthrough renderer, where it constructs and displays the correct callback URI. Supporting updates include extending the DeployOperationState type, including the URL in the live deployment snapshot, refactoring test helpers to support dynamic Frontend API URL injection, and documenting the new behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: fixing the OAuth redirect URI in the deploy walkthrough to use the Frontend API URL instead of the Accounts Portal URL.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description clearly explains the problem (OAuth walkthrough printing incorrect redirect URI), the fix implemented (threading frontend_api_url through deploy state), and testing approach.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}