From b083c910b369c168956e6bd9a73f37f8693e2055 Mon Sep 17 00:00:00 2001
From: GareArc
Date: Tue, 28 Apr 2026 20:42:06 -0700
Subject: [PATCH] fix(web/device): bounce to authorize_account after post-login return
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When an unauthenticated user submits a user_code, the chooser view holds the typed code and redirects to /signin. After login, the page re-mounts on /device with no URL params (already scrubbed on the first render) and account loaded — but the existing useEffect path only advanced when ssoVerified or urlUserCode was present. Add an early branch: if view is chooser and account just loaded, advance to authorize_account using the userCode stashed in view state. Also widen the effect deps to view (not view.kind) so the nested userCode reads stay current.
---
 web/app/device/page.tsx | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/web/app/device/page.tsx b/web/app/device/page.tsx
index 0bfa1afbb2..c7ac95e1c9 100644
--- a/web/app/device/page.tsx
+++ b/web/app/device/page.tsx
@@ -70,6 +70,13 @@ export default function DevicePage() {
 // leak via history / Referer / server logs (RFC 8628 §5.4).
 useEffect(() => {
 if (view.kind !== 'code_entry' && view.kind !== 'chooser') return
+ // Post-login bounce: chooser holds the typed code, account just loaded.
+ // The URL was already scrubbed on the first effect run, so urlUserCode
+ // is empty here — advance using the userCode stashed in view state.
+ if (view.kind === 'chooser' && account) {
+ setView({ kind: 'authorize_account', userCode: view.userCode })
+ return
+ }
 let consumed = false
 if (ssoVerified) {
 setView({ kind: 'authorize_sso' })
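Review bot: The early `return` in the new `view.kind === 'chooser' && account` branch exits before the `ssoVerified` check and before the `router.replace(pathname)` scrub at the end of the effect, so a render that still carries a user code or SSO marker in the URL would keep it in the address bar and history, which is the leak the RFC 8628 §5.4 comment above is guarding against. The added comment states that the URL was already scrubbed by this point, but nothing in the branch enforces that assumption. Consider adding `if (urlUserCode || ssoVerified) router.replace(pathname)` before the `return`, or extend the comment to say why `chooser` with `account` set can never coincide with `ssoVerified`. The effect body continues past the end of this hunk, so the remaining branches were not visible for this review.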
@@ -84,7 +91,7 @@ export default function DevicePage() { } if (consumed && (urlUserCode || ssoVerified)) router.replace(pathname) - }, [urlUserCode, ssoVerified, account, view.kind, router, pathname]) + }, [urlUserCode, ssoVerified, account, view, router, pathname]) const onContinue = async () => { if (!isValidUserCode(typed)) return
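Review bot: Depending on the whole `view` object in the dependency array makes this effect re-run whenever `setView` produces a new object, not only when the fields it actually reads change. The guard at the top limits the impact to the `code_entry` and `chooser` views, but the middle of the effect lies outside both hunks, so it is worth confirming that no branch there calls `setView` with the same kind, which would now re-trigger the effect. If only the stashed code is needed, a narrowed value such as `const stashedCode = view.kind === 'chooser' ? view.userCode : undefined`, listed alongside `view.kind` in the deps, would keep the trigger set as small as it was before.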