Show auth chooser when GCP OAuth is enabled

When GCP OAuth is configured, show the auth chooser dialog instead of
automatically redirecting to the token page. This allows users to choose
between Google Sign In and token authentication.

The redirect to token page is now conditional on GCP OAuth being disabled,
which preserves backward compatibility with e2e tests and non-GCP deployments.

Also updated GCPLoginButton to only show when GCP OAuth is explicitly enabled
via environment variable, not based on cluster type detection.

Author: drduker

frontend/src/components/authchooser/index.tsx

@@ -26,6 +26,7 @@ import { getAppUrl } from '../../helpers/getAppUrl';
 import { getCluster, getClusterPrefixedPath } from '../../lib/cluster';
 import { useClustersConf } from '../../lib/k8s';
 import { testAuth } from '../../lib/k8s/api/v1/clusterApi';
+import { isGCPOAuthEnabled } from '../../lib/k8s/gke';
 import { queryClient } from '../../lib/queryClient';
 import { createRouteURL } from '../../lib/router/createRouteURL';
 import { getRoute } from '../../lib/router/getRoute';
@@ -160,21 +161,33 @@ function AuthChooser({ children }: AuthChooserProps) {
               if (cluster.useToken === false) {
                 history.replace(from);
               } else if (!clusterAuthType) {
-                // we know that it requires token and also doesn't have oidc configured
-                // so let's redirect to token page
-                history.replace({
-                  pathname: generatePath(getClusterPrefixedPath('token'), {
-                    cluster: clusterName as string,
-                  }),
+                // Check if GCP OAuth is enabled before auto-redirecting to token page.
+                // If GCP OAuth is enabled, we want to show the auth chooser so users can
+                // choose between Google Sign In and token authentication.
+                isGCPOAuthEnabled().then(gcpEnabled => {
+                  if (!gcpEnabled && !cancelledRef.current) {
+                    // GCP OAuth not enabled, so redirect to token page
+                    history.replace({
+                      pathname: generatePath(getClusterPrefixedPath('token'), {
+                        cluster: clusterName as string,
+                      }),
+                    });
+                  }
+                  // If GCP OAuth is enabled, stay on auth chooser to show both options
                 });
               }
             }
           });
       } else if (cluster.useToken) {
-        history.replace({
-          pathname: generatePath(getClusterPrefixedPath('token'), {
-            cluster: clusterName as string,
-          }),
+        // Check if GCP OAuth is enabled before auto-redirecting
+        isGCPOAuthEnabled().then(gcpEnabled => {
+          if (!gcpEnabled && !cancelledRef.current) {
+            history.replace({
+              pathname: generatePath(getClusterPrefixedPath('token'), {
+                cluster: clusterName as string,
+              }),
+            });
+          }
         });
       }
     },

frontend/src/components/cluster/GCPLoginButton.tsx

@@ -18,7 +18,7 @@ import { Box, Button, ButtonProps } from '@mui/material';
 import React from 'react';
 import { useTranslation } from 'react-i18next';
 import { Cluster } from '../../lib/k8s/cluster';
-import { initiateGCPLogin, isGCPOAuthEnabled, isGKECluster } from '../../lib/k8s/gke';
+import { initiateGCPLogin, isGCPOAuthEnabled } from '../../lib/k8s/gke';
 
 export interface GCPLoginButtonProps {
   /** The cluster to authenticate to */
@@ -37,7 +37,8 @@ export interface GCPLoginButtonProps {
 
 /**
  * A button component that initiates Google OAuth login for GKE clusters.
- * Only renders if GCP OAuth is enabled in the backend, or if the cluster is detected as a GKE cluster.
+ * Only renders if GCP OAuth is enabled in the backend via the HEADLAMP_CONFIG_GCP_OAUTH_ENABLED
+ * environment variable.
  */
 export function GCPLoginButton({
   cluster,
@@ -65,8 +66,8 @@ export function GCPLoginButton({
       });
   }, []);
 
-  // Show button if GCP OAuth is enabled OR if it's a GKE cluster
-  const shouldShowButton = gcpOAuthEnabled === true || isGKECluster(cluster);
+  // Only show button if GCP OAuth is enabled via environment variable
+  const shouldShowButton = gcpOAuthEnabled === true;
 
   if (!shouldShowButton) {
     return null;