From f3c2e47eb09d6e54888fbab640657772f152a075 Mon Sep 17 00:00:00 2001 From: Evie Gauthier Date: Mon, 18 May 2026 13:33:25 -0400 Subject: [PATCH 1/3] fix(auth): preserve addAccount parameter through SSO redirect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When adding a second account via SSO login/registration, the addAccount=1 parameter was not preserved through the SSO provider redirect. This caused the system to treat it as a primary login instead of adding an account, effectively blocking users from adding additional accounts when their first account used SSO. Changes: - Login.tsx: Check for addAccount param and include it in ssoRedirectUrl - Register.tsx: Same fix for SSO registration flow - Register.tsx: Import withSearchParam utility Flow now works: 1. User clicks "Add Account" → navigates with ?addAccount=1 2. User chooses SSO → redirectUrl includes ?addAccount=1 3. SSO provider redirects back → addAccount=1 preserved 4. Login completes → system knows to add account, not replace Fixes issue where SSO accounts blocked adding any other accounts (SSO or non-SSO). --- src/app/pages/auth/login/Login.tsx | 9 ++++++++- src/app/pages/auth/register/Register.tsx | 11 ++++++++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/app/pages/auth/login/Login.tsx b/src/app/pages/auth/login/Login.tsx index 7f53af090..e94b1a4bb 100644 --- a/src/app/pages/auth/login/Login.tsx +++ b/src/app/pages/auth/login/Login.tsx @@ -41,7 +41,14 @@ export function Login() { const { loginFlows } = useAuthFlows(); const [searchParams] = useSearchParams(); const loginSearchParams = useLoginSearchParams(searchParams); - const ssoRedirectUrl = usePathWithOrigin(getLoginPath(server)); + + // Preserve addAccount parameter through SSO redirect + const baseRedirectUrl = usePathWithOrigin(getLoginPath(server)); + const isAddingAccount = searchParams.get('addAccount') === '1'; + const ssoRedirectUrl = isAddingAccount + ? withSearchParam(baseRedirectUrl, { addAccount: '1' }) + : baseRedirectUrl; + const loginTokenForHashRouter = getLoginTokenSearchParam(); const absoluteLoginPath = usePathWithOrigin(getLoginPath(server)); diff --git a/src/app/pages/auth/register/Register.tsx b/src/app/pages/auth/register/Register.tsx index 73497255e..2a36ab65f 100644 --- a/src/app/pages/auth/register/Register.tsx +++ b/src/app/pages/auth/register/Register.tsx @@ -6,7 +6,7 @@ import { useAuthServer } from '$hooks/useAuthServer'; import { RegisterFlowStatus, useAuthFlows } from '$hooks/useAuthFlows'; import { useParsedLoginFlows } from '$hooks/useParsedLoginFlows'; import { SupportedUIAFlowsLoader } from '$components/SupportedUIAFlowsLoader'; -import { getLoginPath } from '$pages/pathUtils'; +import { getLoginPath, withSearchParam } from '$pages/pathUtils'; import { usePathWithOrigin } from '$hooks/usePathWithOrigin'; import type { RegisterPathSearchParams } from '$pages/paths'; import { SSOLogin } from '$pages/auth/SSOLogin'; @@ -30,8 +30,13 @@ export function Register() { const registerSearchParams = useRegisterSearchParams(searchParams); const { sso } = useParsedLoginFlows(loginFlows.flows); - // redirect to /login because only that path handle m.login.token - const ssoRedirectUrl = usePathWithOrigin(getLoginPath(server)); + // redirect to /login because only that path handles m.login.token + // Preserve addAccount parameter through SSO redirect + const baseRedirectUrl = usePathWithOrigin(getLoginPath(server)); + const isAddingAccount = searchParams.get('addAccount') === '1'; + const ssoRedirectUrl = isAddingAccount + ? withSearchParam(baseRedirectUrl, { addAccount: '1' }) + : baseRedirectUrl; return ( From 74649838281b8a81d4e303aaf48f94f52de75eec Mon Sep 17 00:00:00 2001 From: Evie Gauthier Date: Tue, 19 May 2026 14:25:15 -0400 Subject: [PATCH 2/3] chore: add changeset --- .changeset/auth-sso-addaccount.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changeset/auth-sso-addaccount.md diff --git a/.changeset/auth-sso-addaccount.md b/.changeset/auth-sso-addaccount.md new file mode 100644 index 000000000..c2b2ece77 --- /dev/null +++ b/.changeset/auth-sso-addaccount.md @@ -0,0 +1,5 @@ +--- +default: patch +--- + +Preserve addAccount parameter through SSO redirect. From 16389223d54dce8fcf1bfe6d486b73a59e0c9790 Mon Sep 17 00:00:00 2001 From: Evie Gauthier Date: Tue, 19 May 2026 15:38:18 -0400 Subject: [PATCH 3/3] style: apply oxfmt formatting --- src/app/pages/auth/login/Login.tsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/app/pages/auth/login/Login.tsx b/src/app/pages/auth/login/Login.tsx index e94b1a4bb..d0b080c80 100644 --- a/src/app/pages/auth/login/Login.tsx +++ b/src/app/pages/auth/login/Login.tsx @@ -41,14 +41,14 @@ export function Login() { const { loginFlows } = useAuthFlows(); const [searchParams] = useSearchParams(); const loginSearchParams = useLoginSearchParams(searchParams); - + // Preserve addAccount parameter through SSO redirect const baseRedirectUrl = usePathWithOrigin(getLoginPath(server)); const isAddingAccount = searchParams.get('addAccount') === '1'; const ssoRedirectUrl = isAddingAccount ? withSearchParam(baseRedirectUrl, { addAccount: '1' }) : baseRedirectUrl; - + const loginTokenForHashRouter = getLoginTokenSearchParam(); const absoluteLoginPath = usePathWithOrigin(getLoginPath(server));