fix(web/device): bounce to authorize_account after post-login return

When an unauthenticated user submits a user_code, the chooser view holds the typed code and redirects to /signin. After login, the page re-mounts on /device with no URL params (already scrubbed on the first render) and account loaded — but the existing useEffect path only advanced when ssoVerified or urlUserCode was present. Add an early branch: if view is chooser and account just loaded, advance to authorize_account using the userCode stashed in view state. Also widen the effect deps to view (not view.kind) so the nested userCode reads stay current.
2026-05-09 04:36:31 +08:00 · 2026-04-28 20:42:06 -07:00 · 2026-04-28 20:42:06 -07:00 · b083c910b3
commit b083c910b3
parent 9b2a37ceff
1 changed files with 8 additions and 1 deletions
--- a/web/app/device/page.tsx
+++ b/web/app/device/page.tsx
@ -70,6 +70,13 @@ export default function DevicePage() {
  // leak via history / Referer / server logs (RFC 8628 §5.4).
  useEffect(() => {
    if (view.kind !== 'code_entry' && view.kind !== 'chooser') return
+    // Post-login bounce: chooser holds the typed code, account just loaded.
+    // The URL was already scrubbed on the first effect run, so urlUserCode
+    // is empty here — advance using the userCode stashed in view state.
+    if (view.kind === 'chooser' && account) {
+      setView({ kind: 'authorize_account', userCode: view.userCode })
+      return
+    }
    let consumed = false
    if (ssoVerified) {
      setView({ kind: 'authorize_sso' })
@ -84,7 +91,7 @@ export default function DevicePage() {
    }
    if (consumed && (urlUserCode || ssoVerified))
      router.replace(pathname)
-  }, [urlUserCode, ssoVerified, account, view.kind, router, pathname])
+  }, [urlUserCode, ssoVerified, account, view, router, pathname])

  const onContinue = async () => {
    if (!isValidUserCode(typed)) return