@bagelink/auth 1.7.76 → 1.7.80

package/README.md

@@ -294,7 +294,7 @@ await sso.google.redirect({
 // router.ts
 {
   path: '/auth/callback',
-  name: 'Callback',
+  name: 'AuthCallback',
   component: () => import('@bagelink/auth').then(m => m.Callback),
 }
 ```
@@ -308,6 +308,31 @@ await sso.google.redirect({
 - Okta
 - Facebook
 
+### SSO Redirect Preservation
+
+When users access a protected route and authenticate via SSO, the original URL is automatically preserved:
+
+```typescript
+// User tries to access /dashboard (protected)
+// ↓ Redirected to /login?redirect=/dashboard
+// ↓ User clicks "Login with Google"
+// ↓ Goes to Google OAuth
+// ↓ Returns to /auth/callback
+// ↓ Automatically redirected to /dashboard ✅
+```
+
+**How it works:**
+1. The `redirect` query param is stored in `sessionStorage` before SSO redirect
+2. After OAuth callback, it's restored to the URL
+3. Auto-redirect (or manual fallback) uses it to navigate to the original destination
+
+**Manual SSO with redirect:**
+```typescript
+// On login page with ?redirect=/dashboard
+await sso.google.redirect()
+// Redirect param is automatically preserved across the OAuth flow
+```
+
 ## Advanced Configuration
 
 ### Security: Restrict Redirect Paths

package/dist/index.cjs

@@ -1086,10 +1086,14 @@ const _sfc_main$4 = /* @__PURE__ */ vue.defineComponent({
     });
     async function linkCallback() {
       isLinking.value = true;
+      const { redirect: redirect2 } = route.query;
       try {
         await sso2.handleLinkCallback();
         success.value = true;
-        setTimeout(() => router2.push("/"), timeout);
+        setTimeout(() => {
+          const redirectPath = typeof redirect2 === "string" ? redirect2 : "/";
+          router2.push(redirectPath);
+        }, timeout);
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Failed to link account";
         error.value = errorMessage;
@@ -1099,8 +1103,10 @@ const _sfc_main$4 = /* @__PURE__ */ vue.defineComponent({
     }
     async function handleCallback() {
       var _a;
-      const { state } = route.query;
+      const { state, redirect: redirect2 } = route.query;
       provider.value = sessionStorage.getItem(`oauth_provider:${state}`);
+      console.log("[Callback] Query params:", { state, redirect: redirect2 });
+      console.log("[Callback] Full route query:", route.query);
       try {
         const response = await sso2.handleCallback();
         if (response === null) {
@@ -1108,7 +1114,12 @@ const _sfc_main$4 = /* @__PURE__ */ vue.defineComponent({
         } else {
           authResponse.value = response;
           success.value = true;
-          setTimeout(() => router2.push("/"), timeout);
+          console.log("[Callback] Login successful, redirect param:", redirect2);
+          setTimeout(() => {
+            const redirectPath = typeof redirect2 === "string" ? redirect2 : "/";
+            console.log("[Callback] Manual fallback redirecting to:", redirectPath);
+            router2.push(redirectPath);
+          }, timeout);
         }
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Authentication failed";
@@ -1418,11 +1429,15 @@ function isValidRedirect(redirectUrl, allowedPaths) {
 }
 async function performRedirect(router2, config) {
   const redirect2 = getRedirectUrl(router2, config);
+  console.log("[PerformRedirect] Current route query:", router2.currentRoute.value.query);
+  console.log("[PerformRedirect] Redirect URL:", redirect2);
+  console.log("[PerformRedirect] Config fallback:", config.fallback);
   if (redirect2 !== config.fallback && !isValidRedirect(redirect2, config.allowedPaths)) {
     console.warn("[Auth] Invalid redirect URL detected, using fallback:", redirect2);
     await router2.push(config.fallback);
     return;
   }
+  console.log("[PerformRedirect] Redirecting to:", redirect2);
   await router2.push(redirect2);
 }
 function buildLoginQuery(currentPath, config) {
@@ -1584,6 +1599,16 @@ function createSSOProvider(config) {
       const auth = getAuthApi();
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
+      if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+        const currentParams = queryParams();
+        const redirectUrl = currentParams.redirect;
+        if (redirectUrl) {
+          console.log("[SSO] Preserving redirect URL:", redirectUrl, "with state:", state);
+          sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl);
+        } else {
+          console.log("[SSO] No redirect URL found in current params:", currentParams);
+        }
+      }
       if (typeof sessionStorage !== "undefined") {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
@@ -1602,6 +1627,13 @@ function createSSOProvider(config) {
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
       const timeout2 = options.popupTimeout ?? 9e4;
+      if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+        const currentParams = queryParams();
+        const redirectUrl = currentParams.redirect;
+        if (redirectUrl) {
+          sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl);
+        }
+      }
       if (typeof sessionStorage !== "undefined") {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
@@ -1818,6 +1850,20 @@ function handleOAuthCallback() {
   if (!provider || !isSupportedProvider(provider)) {
     throw new Error("Unable to determine OAuth provider. State may have expired.");
   }
+  if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+    const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`);
+    if (storedRedirect) {
+      console.log("[SSO] Restoring redirect URL:", storedRedirect);
+      const url = new URL(window.location.href);
+      url.searchParams.set("redirect", storedRedirect);
+      window.history.replaceState({}, "", url.toString());
+      console.log("[SSO] URL updated to:", url.toString());
+      sessionStorage.removeItem(`oauth_redirect:${state}`);
+    } else {
+      console.log("[SSO] No stored redirect URL found for state:", state);
+      console.log("[SSO] SessionStorage keys:", Object.keys(sessionStorage));
+    }
+  }
   return ssoProviders[provider].callback(code, state);
 }
 function handleOAuthLinkCallback() {
@@ -1829,6 +1875,15 @@ function handleOAuthLinkCallback() {
   if (!provider || !isSupportedProvider(provider)) {
     throw new Error("Unable to determine OAuth provider. State may have expired.");
   }
+  if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+    const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`);
+    if (storedRedirect) {
+      const url = new URL(window.location.href);
+      url.searchParams.set("redirect", storedRedirect);
+      window.history.replaceState({}, "", url.toString());
+      sessionStorage.removeItem(`oauth_redirect:${state}`);
+    }
+  }
   return ssoProviders[provider].link(code, state);
 }
 var AuthState = /* @__PURE__ */ ((AuthState2) => {
@@ -1891,7 +1946,7 @@ function accountToUser(account) {
 const DEFAULT_REDIRECT_CONFIG = {
   queryKey: "redirect",
   fallback: "/",
-  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "Callback"],
+  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "AuthCallback"],
   authenticatedRedirect: "/",
   loginRoute: "Login",
   authMetaKey: "auth",
@@ -2019,7 +2074,7 @@ function setupAutoRedirect() {
   if (!eventEmitter || !redirectConfig) return;
   eventEmitter.on(AuthState.LOGIN, async () => {
     if (!autoRedirectRouter) {
-      console.warn("[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.");
+      console.warn("[Auth] Auto-redirect enabled but router not set. Call auth.use(router) in your app setup.");
       return;
     }
     const { performRedirect: performRedirect2 } = await Promise.resolve().then(() => redirect);

package/dist/index.mjs

@@ -1084,10 +1084,14 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
     });
     async function linkCallback() {
       isLinking.value = true;
+      const { redirect: redirect2 } = route.query;
       try {
         await sso2.handleLinkCallback();
         success.value = true;
-        setTimeout(() => router2.push("/"), timeout);
+        setTimeout(() => {
+          const redirectPath = typeof redirect2 === "string" ? redirect2 : "/";
+          router2.push(redirectPath);
+        }, timeout);
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Failed to link account";
         error.value = errorMessage;
@@ -1097,8 +1101,10 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
     }
     async function handleCallback() {
       var _a;
-      const { state } = route.query;
+      const { state, redirect: redirect2 } = route.query;
       provider.value = sessionStorage.getItem(`oauth_provider:${state}`);
+      console.log("[Callback] Query params:", { state, redirect: redirect2 });
+      console.log("[Callback] Full route query:", route.query);
       try {
         const response = await sso2.handleCallback();
         if (response === null) {
@@ -1106,7 +1112,12 @@ const _sfc_main$4 = /* @__PURE__ */ defineComponent({
         } else {
           authResponse.value = response;
           success.value = true;
-          setTimeout(() => router2.push("/"), timeout);
+          console.log("[Callback] Login successful, redirect param:", redirect2);
+          setTimeout(() => {
+            const redirectPath = typeof redirect2 === "string" ? redirect2 : "/";
+            console.log("[Callback] Manual fallback redirecting to:", redirectPath);
+            router2.push(redirectPath);
+          }, timeout);
         }
       } catch (err) {
         const errorMessage = err instanceof Error ? err.message : "Authentication failed";
@@ -1416,11 +1427,15 @@ function isValidRedirect(redirectUrl, allowedPaths) {
 }
 async function performRedirect(router2, config) {
   const redirect2 = getRedirectUrl(router2, config);
+  console.log("[PerformRedirect] Current route query:", router2.currentRoute.value.query);
+  console.log("[PerformRedirect] Redirect URL:", redirect2);
+  console.log("[PerformRedirect] Config fallback:", config.fallback);
   if (redirect2 !== config.fallback && !isValidRedirect(redirect2, config.allowedPaths)) {
     console.warn("[Auth] Invalid redirect URL detected, using fallback:", redirect2);
     await router2.push(config.fallback);
     return;
   }
+  console.log("[PerformRedirect] Redirecting to:", redirect2);
   await router2.push(redirect2);
 }
 function buildLoginQuery(currentPath, config) {
@@ -1582,6 +1597,16 @@ function createSSOProvider(config) {
       const auth = getAuthApi();
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
+      if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+        const currentParams = queryParams();
+        const redirectUrl = currentParams.redirect;
+        if (redirectUrl) {
+          console.log("[SSO] Preserving redirect URL:", redirectUrl, "with state:", state);
+          sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl);
+        } else {
+          console.log("[SSO] No redirect URL found in current params:", currentParams);
+        }
+      }
       if (typeof sessionStorage !== "undefined") {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
@@ -1600,6 +1625,13 @@ function createSSOProvider(config) {
       const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
       const state = options.state ?? generateState();
       const timeout2 = options.popupTimeout ?? 9e4;
+      if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+        const currentParams = queryParams();
+        const redirectUrl = currentParams.redirect;
+        if (redirectUrl) {
+          sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl);
+        }
+      }
       if (typeof sessionStorage !== "undefined") {
         sessionStorage.setItem(getStateKey(), state);
         sessionStorage.setItem(`oauth_provider:${state}`, config.id);
@@ -1816,6 +1848,20 @@ function handleOAuthCallback() {
   if (!provider || !isSupportedProvider(provider)) {
     throw new Error("Unable to determine OAuth provider. State may have expired.");
   }
+  if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+    const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`);
+    if (storedRedirect) {
+      console.log("[SSO] Restoring redirect URL:", storedRedirect);
+      const url = new URL(window.location.href);
+      url.searchParams.set("redirect", storedRedirect);
+      window.history.replaceState({}, "", url.toString());
+      console.log("[SSO] URL updated to:", url.toString());
+      sessionStorage.removeItem(`oauth_redirect:${state}`);
+    } else {
+      console.log("[SSO] No stored redirect URL found for state:", state);
+      console.log("[SSO] SessionStorage keys:", Object.keys(sessionStorage));
+    }
+  }
   return ssoProviders[provider].callback(code, state);
 }
 function handleOAuthLinkCallback() {
@@ -1827,6 +1873,15 @@ function handleOAuthLinkCallback() {
   if (!provider || !isSupportedProvider(provider)) {
     throw new Error("Unable to determine OAuth provider. State may have expired.");
   }
+  if (typeof window !== "undefined" && typeof sessionStorage !== "undefined") {
+    const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`);
+    if (storedRedirect) {
+      const url = new URL(window.location.href);
+      url.searchParams.set("redirect", storedRedirect);
+      window.history.replaceState({}, "", url.toString());
+      sessionStorage.removeItem(`oauth_redirect:${state}`);
+    }
+  }
   return ssoProviders[provider].link(code, state);
 }
 var AuthState = /* @__PURE__ */ ((AuthState2) => {
@@ -1889,7 +1944,7 @@ function accountToUser(account) {
 const DEFAULT_REDIRECT_CONFIG = {
   queryKey: "redirect",
   fallback: "/",
-  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "Callback"],
+  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "AuthCallback"],
   authenticatedRedirect: "/",
   loginRoute: "Login",
   authMetaKey: "auth",
@@ -2017,7 +2072,7 @@ function setupAutoRedirect() {
   if (!eventEmitter || !redirectConfig) return;
   eventEmitter.on(AuthState.LOGIN, async () => {
     if (!autoRedirectRouter) {
-      console.warn("[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.");
+      console.warn("[Auth] Auto-redirect enabled but router not set. Call auth.use(router) in your app setup.");
       return;
     }
     const { performRedirect: performRedirect2 } = await Promise.resolve().then(() => redirect);

package/dist/types/redirect.d.ts

@@ -16,7 +16,7 @@ export interface RedirectConfig {
     /**
      * Routes that require NO authentication (login, signup, forgot password, etc)
      * Authenticated users will be automatically redirected away from these pages
-     * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback']
+     * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'AuthCallback']
      */
     noAuthRoutes?: string[];
     /**

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@bagelink/auth",
   "type": "module",
-  "version": "1.7.76",
+  "version": "1.7.80",
   "description": "Bagelink auth package",
   "author": {
     "name": "Bagel Studio",

package/src/pages/Callback.vue

@@ -26,10 +26,14 @@ const providerInfo = computed(() => {
 
 async function linkCallback() {
 	isLinking.value = true
+	const { redirect } = route.query
 	try {
 		await sso.handleLinkCallback()
 		success.value = true
-		setTimeout(() => router.push('/'), timeout)
+		setTimeout(() => {
+			const redirectPath = typeof redirect === 'string' ? redirect : '/'
+			router.push(redirectPath)
+		}, timeout)
 	} catch (err: unknown) {
 		const errorMessage = err instanceof Error ? err.message : 'Failed to link account'
 		error.value = errorMessage
@@ -39,8 +43,10 @@ async function linkCallback() {
 }
 
 async function handleCallback() {
-	const { state } = route.query
+	const { state, redirect } = route.query
 	provider.value = sessionStorage.getItem(`oauth_provider:${state}`) as SSOProvider
+	console.log('[Callback] Query params:', { state, redirect })
+	console.log('[Callback] Full route query:', route.query)
 
 	try {
 		const response = await sso.handleCallback()
@@ -49,7 +55,14 @@ async function handleCallback() {
 		} else {
 			authResponse.value = response
 			success.value = true
-			setTimeout(() => router.push('/'), timeout)
+			console.log('[Callback] Login successful, redirect param:', redirect)
+			// Auto-redirect will handle navigation, but fallback to manual redirect
+			// if auto-redirect is disabled or router not connected
+			setTimeout(() => {
+				const redirectPath = typeof redirect === 'string' ? redirect : '/'
+				console.log('[Callback] Manual fallback redirecting to:', redirectPath)
+				router.push(redirectPath)
+			}, timeout)
 		}
 	} catch (err: unknown) {
 		const errorMessage = err instanceof Error ? err.message : 'Authentication failed'

package/src/redirect.ts

@@ -64,6 +64,9 @@ export async function performRedirect(
 	config: NormalizedRedirectConfig,
 ): Promise<void> {
 	const redirect = getRedirectUrl(router, config)
+	console.log('[PerformRedirect] Current route query:', router.currentRoute.value.query)
+	console.log('[PerformRedirect] Redirect URL:', redirect)
+	console.log('[PerformRedirect] Config fallback:', config.fallback)
 
 	// Always validate redirect URL for security
 	if (redirect !== config.fallback && !isValidRedirect(redirect, config.allowedPaths)) {
@@ -72,6 +75,7 @@ export async function performRedirect(
 		return
 	}
 
+	console.log('[PerformRedirect] Redirecting to:', redirect)
 	await router.push(redirect)
 }
 

package/src/sso.ts

@@ -314,6 +314,19 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 			const redirectUri = options.redirectUri ?? getDefaultRedirectUri()
 			const state = options.state ?? generateState()
 
+			// Preserve redirect URL from current location
+			if (typeof window !== 'undefined' && typeof sessionStorage !== 'undefined') {
+				const currentParams = queryParams()
+				const redirectUrl = currentParams.redirect
+				if (redirectUrl) {
+					// Store redirect URL to restore after OAuth callback
+					console.log('[SSO] Preserving redirect URL:', redirectUrl, 'with state:', state)
+					sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl)
+				} else {
+					console.log('[SSO] No redirect URL found in current params:', currentParams)
+				}
+			}
+
 			// Store state AND provider in sessionStorage for verification
 			if (typeof sessionStorage !== 'undefined') {
 				sessionStorage.setItem(getStateKey(), state)
@@ -338,6 +351,16 @@ function createSSOProvider(config: SSOProviderConfig): SSOProviderInstance {
 			const state = options.state ?? generateState()
 			const timeout = options.popupTimeout ?? 90000
 
+			// Preserve redirect URL from current location (for popup flow too)
+			if (typeof window !== 'undefined' && typeof sessionStorage !== 'undefined') {
+				const currentParams = queryParams()
+				const redirectUrl = currentParams.redirect
+				if (redirectUrl) {
+					// Store redirect URL to restore after OAuth callback
+					sessionStorage.setItem(`oauth_redirect:${state}`, redirectUrl)
+				}
+			}
+
 			// Store state AND provider in sessionStorage for verification
 			if (typeof sessionStorage !== 'undefined') {
 				sessionStorage.setItem(getStateKey(), state)
@@ -615,6 +638,24 @@ function handleOAuthCallback(): Promise<AuthenticationResponse | null> {
 		throw new Error('Unable to determine OAuth provider. State may have expired.')
 	}
 
+	// Restore redirect URL to current location if it was stored
+	if (typeof window !== 'undefined' && typeof sessionStorage !== 'undefined') {
+		const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`)
+		if (storedRedirect) {
+			// Add redirect param back to URL so auto-redirect can pick it up
+			console.log('[SSO] Restoring redirect URL:', storedRedirect)
+			const url = new URL(window.location.href)
+			url.searchParams.set('redirect', storedRedirect)
+			window.history.replaceState({}, '', url.toString())
+			console.log('[SSO] URL updated to:', url.toString())
+			// Clean up
+			sessionStorage.removeItem(`oauth_redirect:${state}`)
+		} else {
+			console.log('[SSO] No stored redirect URL found for state:', state)
+			console.log('[SSO] SessionStorage keys:', Object.keys(sessionStorage))
+		}
+	}
+
 	return ssoProviders[provider].callback(code, state)
 }
 
@@ -636,5 +677,18 @@ function handleOAuthLinkCallback(): Promise<void> {
 		throw new Error('Unable to determine OAuth provider. State may have expired.')
 	}
 
+	// Restore redirect URL to current location if it was stored
+	if (typeof window !== 'undefined' && typeof sessionStorage !== 'undefined') {
+		const storedRedirect = sessionStorage.getItem(`oauth_redirect:${state}`)
+		if (storedRedirect) {
+			// Add redirect param back to URL
+			const url = new URL(window.location.href)
+			url.searchParams.set('redirect', storedRedirect)
+			window.history.replaceState({}, '', url.toString())
+			// Clean up
+			sessionStorage.removeItem(`oauth_redirect:${state}`)
+		}
+	}
+
 	return ssoProviders[provider].link(code, state)
 }

package/src/types/redirect.ts

@@ -19,7 +19,7 @@ export interface RedirectConfig {
 	/**
 	 * Routes that require NO authentication (login, signup, forgot password, etc)
 	 * Authenticated users will be automatically redirected away from these pages
-	 * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback']
+	 * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'AuthCallback']
 	 */
 	noAuthRoutes?: string[]
 
@@ -77,7 +77,7 @@ export interface NormalizedRedirectConfig extends Required<Omit<RedirectConfig,
 export const DEFAULT_REDIRECT_CONFIG: NormalizedRedirectConfig = {
 	queryKey: 'redirect',
 	fallback: '/',
-	noAuthRoutes: ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback'],
+	noAuthRoutes: ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'AuthCallback'],
 	authenticatedRedirect: '/',
 	loginRoute: 'Login',
 	authMetaKey: 'auth',

package/src/useAuth.ts

@@ -175,7 +175,7 @@ function setupAutoRedirect() {
 	eventEmitter.on(AuthState.LOGIN, async () => {
 		// Only auto-redirect if router is available
 		if (!autoRedirectRouter) {
-			console.warn('[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.')
+			console.warn('[Auth] Auto-redirect enabled but router not set. Call auth.use(router) in your app setup.')
 			return
 		}