From 4a66341e080a224f5670a91d7799e31d914e465e Mon Sep 17 00:00:00 2001 From: Till-JS <101404291+Till-JS@users.noreply.github.com> Date: Fri, 30 Jan 2026 16:41:39 +0100 Subject: [PATCH] fix(mana-core-auth): extract client_id from returnUrl for OIDC login When redirected from authorization endpoint, the client_id is encoded in the returnUrl parameter, not directly in query params. This fix extracts it properly to display the correct application name. Co-Authored-By: Claude Opus 4.5 --- .../src/auth/oidc-login.controller.ts | 24 +++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/services/mana-core-auth/src/auth/oidc-login.controller.ts b/services/mana-core-auth/src/auth/oidc-login.controller.ts index b77bfefee..934edb397 100644 --- a/services/mana-core-auth/src/auth/oidc-login.controller.ts +++ b/services/mana-core-auth/src/auth/oidc-login.controller.ts @@ -23,12 +23,28 @@ export class OidcLoginController { */ @Get('login') async getLoginPage(@Query() query: Record, @Res() res: Response) { - const queryString = new URLSearchParams(query).toString(); - const returnUrl = queryString ? `/api/auth/oauth2/authorize?${queryString}` : '/'; + // Handle returnUrl parameter (when redirected from authorization endpoint) + let returnUrl = query.returnUrl || '/'; + let clientId = query.client_id; + + // If no direct client_id but we have returnUrl, extract client_id from it + if (!clientId && query.returnUrl) { + try { + const returnUrlParams = new URLSearchParams(query.returnUrl.split('?')[1] || ''); + clientId = returnUrlParams.get('client_id') || undefined; + } catch { + // Ignore parsing errors + } + } + + // If no returnUrl was provided, build one from query params (direct OIDC flow) + if (!query.returnUrl && Object.keys(query).length > 0) { + const queryString = new URLSearchParams(query).toString(); + returnUrl = `/api/auth/oauth2/authorize?${queryString}`; + } // Get client name for display - const clientId = query.client_id || 'Unknown'; - const clientName = this.getClientDisplayName(clientId); + const clientName = this.getClientDisplayName(clientId || 'Unknown'); const html = `