From 5e7569395bf2929f5f178eae28c7f57fa0f180f8 Mon Sep 17 00:00:00 2001
From: lilly <li@lly.sh>
Date: Thu, 14 May 2026 16:33:06 +0200
Subject: [PATCH] api: respect ?next= url parmeter on login

---
 api/src/dooris_api/app.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/api/src/dooris_api/app.py b/api/src/dooris_api/app.py
index 27f581a..7a19535 100644
--- a/api/src/dooris_api/app.py
+++ b/api/src/dooris_api/app.py
@@ -147,16 +147,19 @@ async def login_callback(req: Request, resp: Response, oidc_client: deps.OpenidC
         deps.persist_auth_state(
             oidc_client, resp, auth_result, auth_start_time, req.cookies["auth_nonce"]
         )
-
-        # redirect the user to the page they wanted to visit
-        # TODO: respect "auth_next" cookie to redirect the user to a specific url
         logger.debug("successfully authenticated user")
-        return str(req.url_for("get-user-info"))
+
+        # respect originally requested ?next= url and reset the storage
+        resp.set_cookie("auth_next", "", max_age=0)
+        if "auth_next" in req.cookies:
+            return req.cookies["auth_next"]
+        else:
+            return "/"
     else:
         logger.debug(
             "could not authenticate user because of OIDC error; redirecting to error page with error messages intact"
         )
-        return f"/auth/login-error?{req.query_params}"
+        return f"/login-error?{req.query_params}"
 
 
 @app.get(