@bagelink/auth 1.7.76 → 1.7.78

package/README.md

@@ -294,7 +294,7 @@ await sso.google.redirect({
 // router.ts
 {
   path: '/auth/callback',
-  name: 'Callback',
+  name: 'AuthCallback',
   component: () => import('@bagelink/auth').then(m => m.Callback),
 }
 ```
@@ -308,6 +308,31 @@ await sso.google.redirect({
 - Okta
 - Facebook
 
+### SSO Redirect Preservation
+
+When users access a protected route and authenticate via SSO, the original URL is automatically preserved:
+
+```typescript
+// User tries to access /dashboard (protected)
+// ↓ Redirected to /login?redirect=/dashboard
+// ↓ User clicks "Login with Google"
+// ↓ Goes to Google OAuth
+// ↓ Returns to /auth/callback
+// ↓ Automatically redirected to /dashboard ✅
+```
+
+**How it works:**
+1. The `redirect` query param is stored in `sessionStorage` before SSO redirect
+2. After OAuth callback, it's restored to the URL
+3. Auto-redirect (or manual fallback) uses it to navigate to the original destination
+
+**Manual SSO with redirect:**
+```typescript
+// On login page with ?redirect=/dashboard
+await sso.google.redirect()
+// Redirect param is automatically preserved across the OAuth flow
+```
+
 ## Advanced Configuration
 
 ### Security: Restrict Redirect Paths

package/dist/index.cjs

@@ -1086,10 +1086,14 @@ const _sfc_main$4 = /* @__PURE__ */ vue.defineComponent({
     });
     async function linkCallback() {
       isLinking.value = true;
+      const { redirect: redirect2 } = route.query;
       try {
         await sso2.handleLinkCallback();
         success.value = true;
-        setTimeout(() => router2.push("/"), timeout);
+        setTimeout(() => {
+          const redirectPath = typeof redirect2 === "string" ? redirect2 : "/";
+          router2.push(redirectPath);
+        }, timeout);
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Failed to link account";
         error.value = errorMessage;
@@ -1099,7 +1103,7 @@ const _sfc_main$4 = /* @__PURE__ */ vue.defineComponent({
     }
     async function handleCallback() {
       var _a;
-      const { state } = route.query;
+      const { state, redirect: redirect2 } = route.query;
       provider.value = sessionStorage.getItem(`oauth_provider:${state}`);
       try {
         const response = await sso2.handleCallback();
@@ -1108,7 +1112,10 @@ const _sfc_main$4 = /* @__PURE__ */ vue.defineComponent({
         } else {
           authResponse.value = response;
           success.value = true;
-          setTimeout(() => router2.push("/"), timeout);
+          setTimeout(() => {
+            const redirectPath = typeof redirect2 === "string" ? redirect2 : "/";
+            router2.push(redirectPath);
+          }, timeout);
         }
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Authentication failed";
@@ -1584,6 +1591,13 @@ function createSSOProvider(config) {
       const auth = getAuthApi();
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
+      if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+        const currentParams = queryParams();
+        const redirectUrl = currentParams.redirect;
+        if (redirectUrl) {
+          sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl);
+        }
+      }
       if (typeof sessionStorage !== "undefined") {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
@@ -1602,6 +1616,13 @@ function createSSOProvider(config) {
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
       const timeout2 = options.popupTimeout ?? 9e4;
+      if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+        const currentParams = queryParams();
+        const redirectUrl = currentParams.redirect;
+        if (redirectUrl) {
+          sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl);
+        }
+      }
       if (typeof sessionStorage !== "undefined") {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
@@ -1818,6 +1839,15 @@ function handleOAuthCallback() {
   if (!provider || !isSupportedProvider(provider)) {
     throw new Error("Unable to determine OAuth provider. State may have expired.");
   }
+  if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+    const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`);
+    if (storedRedirect) {
+      const url = new URL(window.location.href);
+      url.searchParams.set("redirect", storedRedirect);
+      window.history.replaceState({}, "", url.toString());
+      sessionStorage.removeItem(`oauth_redirect:${state}`);
+    }
+  }
   return ssoProviders[provider].callback(code, state);
 }
 function handleOAuthLinkCallback() {
@@ -1829,6 +1859,15 @@ function handleOAuthLinkCallback() {
   if (!provider || !isSupportedProvider(provider)) {
     throw new Error("Unable to determine OAuth provider. State may have expired.");
   }
+  if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+    const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`);
+    if (storedRedirect) {
+      const url = new URL(window.location.href);
+      url.searchParams.set("redirect", storedRedirect);
+      window.history.replaceState({}, "", url.toString());
+      sessionStorage.removeItem(`oauth_redirect:${state}`);
+    }
+  }
   return ssoProviders[provider].link(code, state);
 }
 var AuthState = /* @__PURE__ */ ((AuthState2) => {
@@ -1891,7 +1930,7 @@ function accountToUser(account) {
 const DEFAULT_REDIRECT_CONFIG = {
   queryKey: "redirect",
   fallback: "/",
-  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "Callback"],
+  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "AuthCallback"],
   authenticatedRedirect: "/",
   loginRoute: "Login",
   authMetaKey: "auth",
@@ -2019,7 +2058,7 @@ function setupAutoRedirect() {
   if (!eventEmitter || !redirectConfig) return;
   eventEmitter.on(AuthState.LOGIN, async () => {
     if (!autoRedirectRouter) {
-      console.warn("[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.");
+      console.warn("[Auth] Auto-redirect enabled but router not set. Call auth.use(router) in your app setup.");
       return;
     }
     const { performRedirect: performRedirect2 } = await Promise.resolve().then(() => redirect);

package/dist/index.mjs

@@ -1084,10 +1084,14 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
     });
     async function linkCallback() {
       isLinking.value = true;
+      const { redirect: redirect2 } = route.query;
       try {
         await sso2.handleLinkCallback();
         success.value = true;
-        setTimeout(() => router2.push("/"), timeout);
+        setTimeout(() => {
+          const redirectPath = typeof redirect2 === "string" ? redirect2 : "/";
+          router2.push(redirectPath);
+        }, timeout);
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Failed to link account";
         error.value = errorMessage;
@@ -1097,7 +1101,7 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
     }
     async function handleCallback() {
       var _a;
-      const { state } = route.query;
+      const { state, redirect: redirect2 } = route.query;
       provider.value = sessionStorage.getItem(`oauth_provider:${state}`);
       try {
         const response = await sso2.handleCallback();
@@ -1106,7 +1110,10 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
         } else {
           authResponse.value = response;
           success.value = true;
-          setTimeout(() => router2.push("/"), timeout);
+          setTimeout(() => {
+            const redirectPath = typeof redirect2 === "string" ? redirect2 : "/";
+            router2.push(redirectPath);
+          }, timeout);
         }
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Authentication failed";
@@ -1582,6 +1589,13 @@ function createSSOProvider(config) {
       const auth = getAuthApi();
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
+      if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+        const currentParams = queryParams();
+        const redirectUrl = currentParams.redirect;
+        if (redirectUrl) {
+          sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl);
+        }
+      }
       if (typeof sessionStorage !== "undefined") {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
@@ -1600,6 +1614,13 @@ function createSSOProvider(config) {
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
       const timeout2 = options.popupTimeout ?? 9e4;
+      if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+        const currentParams = queryParams();
+        const redirectUrl = currentParams.redirect;
+        if (redirectUrl) {
+          sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl);
+        }
+      }
       if (typeof sessionStorage !== "undefined") {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
@@ -1816,6 +1837,15 @@ function handleOAuthCallback() {
   if (!provider || !isSupportedProvider(provider)) {
     throw new Error("Unable to determine OAuth provider. State may have expired.");
   }
+  if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+    const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`);
+    if (storedRedirect) {
+      const url = new URL(window.location.href);
+      url.searchParams.set("redirect", storedRedirect);
+      window.history.replaceState({}, "", url.toString());
+      sessionStorage.removeItem(`oauth_redirect:${state}`);
+    }
+  }
   return ssoProviders[provider].callback(code, state);
 }
 function handleOAuthLinkCallback() {
@@ -1827,6 +1857,15 @@ function handleOAuthLinkCallback() {
   if (!provider || !isSupportedProvider(provider)) {
     throw new Error("Unable to determine OAuth provider. State may have expired.");
   }
+  if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+    const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`);
+    if (storedRedirect) {
+      const url = new URL(window.location.href);
+      url.searchParams.set("redirect", storedRedirect);
+      window.history.replaceState({}, "", url.toString());
+      sessionStorage.removeItem(`oauth_redirect:${state}`);
+    }
+  }
   return ssoProviders[provider].link(code, state);
 }
 var AuthState = /* @__PURE__ */ ((AuthState2) => {
@@ -1889,7 +1928,7 @@ function accountToUser(account) {
 const DEFAULT_REDIRECT_CONFIG = {
   queryKey: "redirect",
   fallback: "/",
-  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "Callback"],
+  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "AuthCallback"],
   authenticatedRedirect: "/",
   loginRoute: "Login",
   authMetaKey: "auth",
@@ -2017,7 +2056,7 @@ function setupAutoRedirect() {
   if (!eventEmitter || !redirectConfig) return;
   eventEmitter.on(AuthState.LOGIN, async () => {
     if (!autoRedirectRouter) {
-      console.warn("[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.");
+      console.warn("[Auth] Auto-redirect enabled but router not set. Call auth.use(router) in your app setup.");
       return;
     }
     const { performRedirect: performRedirect2 } = await Promise.resolve().then(() => redirect);

package/dist/types/redirect.d.ts

@@ -16,7 +16,7 @@ export interface RedirectConfig {
     /**
      * Routes that require NO authentication (login, signup, forgot password, etc)
      * Authenticated users will be automatically redirected away from these pages
-     * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback']
+     * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'AuthCallback']
      */
     noAuthRoutes?: string[];
     /**

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@bagelink/auth",
   "type": "module",
-  "version": "1.7.76",
+  "version": "1.7.78",
   "description": "Bagelink auth package",
   "author": {
     "name": "Bagel Studio",

package/src/pages/Callback.vue

@@ -26,10 +26,14 @@ const providerInfo = computed(() => {
 
 async function linkCallback() {
 	isLinking.value = true
+	const { redirect } = route.query
 	try {
 		await sso.handleLinkCallback()
 		success.value = true
-		setTimeout(() => router.push('/'), timeout)
+		setTimeout(() => {
+			const redirectPath = typeof redirect === 'string' ? redirect : '/'
+			router.push(redirectPath)
+		}, timeout)
 	} catch (err: unknown) {
 		const errorMessage = err instanceof Error ? err.message : 'Failed to link account'
 		error.value = errorMessage
@@ -39,7 +43,7 @@ async function linkCallback() {
 }
 
 async function handleCallback() {
-	const { state } = route.query
+	const { state, redirect } = route.query
 	provider.value = sessionStorage.getItem(`oauth_provider:${state}`) as SSOProvider
 
 	try {
@@ -49,7 +53,12 @@ async function handleCallback() {
 		} else {
 			authResponse.value = response
 			success.value = true
-			setTimeout(() => router.push('/'), timeout)
+			// Auto-redirect will handle navigation, but fallback to manual redirect
+			// if auto-redirect is disabled or router not connected
+			setTimeout(() => {
+				const redirectPath = typeof redirect === 'string' ? redirect : '/'
+				router.push(redirectPath)
+			}, timeout)
 		}
 	} catch (err: unknown) {
 		const errorMessage = err instanceof Error ? err.message : 'Authentication failed'

package/src/sso.ts

@@ -314,6 +314,16 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 			const redirectUri = options.redirectUri ?? getDefaultRedirectUri()
 			const state = options.state ?? generateState()
 
+			// Preserve redirect URL from current location
+			if (typeof window !== 'undefined' && typeof sessionStorage !== 'undefined') {
+				const currentParams = queryParams()
+				const redirectUrl = currentParams.redirect
+				if (redirectUrl) {
+					// Store redirect URL to restore after OAuth callback
+					sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl)
+				}
+			}
+
 			// Store state AND provider in sessionStorage for verification
 			if (typeof sessionStorage !== 'undefined') {
 				sessionStorage.setItem(getStateKey(), state)
@@ -338,6 +348,16 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 			const state = options.state ?? generateState()
 			const timeout = options.popupTimeout ?? 90000
 
+			// Preserve redirect URL from current location (for popup flow too)
+			if (typeof window !== 'undefined' && typeof sessionStorage !== 'undefined') {
+				const currentParams = queryParams()
+				const redirectUrl = currentParams.redirect
+				if (redirectUrl) {
+					// Store redirect URL to restore after OAuth callback
+					sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl)
+				}
+			}
+
 			// Store state AND provider in sessionStorage for verification
 			if (typeof sessionStorage !== 'undefined') {
 				sessionStorage.setItem(getStateKey(), state)
@@ -615,6 +635,19 @@ function handleOAuthCallback(): Promise<AuthenticationResponse | null> {
 		throw new Error('Unable to determine OAuth provider. State may have expired.')
 	}
 
+	// Restore redirect URL to current location if it was stored
+	if (typeof window !== 'undefined' && typeof sessionStorage !== 'undefined') {
+		const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`)
+		if (storedRedirect) {
+			// Add redirect param back to URL so auto-redirect can pick it up
+			const url = new URL(window.location.href)
+			url.searchParams.set('redirect', storedRedirect)
+			window.history.replaceState({}, '', url.toString())
+			// Clean up
+			sessionStorage.removeItem(`oauth_redirect:${state}`)
+		}
+	}
+
 	return ssoProviders[provider].callback(code, state)
 }
 
@@ -636,5 +669,18 @@ function handleOAuthLinkCallback(): Promise<void> {
 		throw new Error('Unable to determine OAuth provider. State may have expired.')
 	}
 
+	// Restore redirect URL to current location if it was stored
+	if (typeof window !== 'undefined' && typeof sessionStorage !== 'undefined') {
+		const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`)
+		if (storedRedirect) {
+			// Add redirect param back to URL
+			const url = new URL(window.location.href)
+			url.searchParams.set('redirect', storedRedirect)
+			window.history.replaceState({}, '', url.toString())
+			// Clean up
+			sessionStorage.removeItem(`oauth_redirect:${state}`)
+		}
+	}
+
 	return ssoProviders[provider].link(code, state)
 }

package/src/types/redirect.ts

@@ -19,7 +19,7 @@ export interface RedirectConfig {
 	/**
 	 * Routes that require NO authentication (login, signup, forgot password, etc)
 	 * Authenticated users will be automatically redirected away from these pages
-	 * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback']
+	 * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'AuthCallback']
 	 */
 	noAuthRoutes?: string[]
 
@@ -77,7 +77,7 @@ export interface NormalizedRedirectConfig extends Required<Omit<RedirectConfig,
 export const DEFAULT_REDIRECT_CONFIG: NormalizedRedirectConfig = {
 	queryKey: 'redirect',
 	fallback: '/',
-	noAuthRoutes: ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback'],
+	noAuthRoutes: ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'AuthCallback'],
 	authenticatedRedirect: '/',
 	loginRoute: 'Login',
 	authMetaKey: 'auth',

package/src/useAuth.ts

@@ -175,7 +175,7 @@ function setupAutoRedirect() {
 	eventEmitter.on(AuthState.LOGIN, async () => {
 		// Only auto-redirect if router is available
 		if (!autoRedirectRouter) {
-			console.warn('[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.')
+			console.warn('[Auth] Auto-redirect enabled but router not set. Call auth.use(router) in your app setup.')
 			return
 		}