From df6bc59652d3017efa6168837ae81659774b2808 Mon Sep 17 00:00:00 2001
From: "martin f. krafft" <madduck@madduck.net>
Date: Wed, 8 Oct 2025 17:37:55 +0200
Subject: Overwrite SSO redirect_url host with current URL host

---
 inject/disable-password-login.js | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'inject/disable-password-login.js')

diff --git a/inject/disable-password-login.js b/inject/disable-password-login.js
index 432dc81..bd0ed8e 100644
--- a/inject/disable-password-login.js
+++ b/inject/disable-password-login.js
@@ -11,8 +11,17 @@ export function disablePasswordLogin() {
       if (sso) {
         const link = sso.getElementsByTagName("a")[0];
         if (link.innerText.search("Authentik") + link.innerText.search("TONI SSO") > 0) {
-          console.info("Redirecting to SSO login:", link.href);
-          window.location.replace(link.href);
+          const curUrl = URL.parse(window.location);
+          let targetUrl = URL.parse(link.href);
+          let SSOQueryString = new URLSearchParams(targetUrl.search);
+
+          let redirectUrl = URL.parse(SSOQueryString.get("redirect_uri"));
+          redirectUrl["hostname"] = curUrl["hostname"];
+          SSOQueryString.set("redirect_uri", redirectUrl.toString());
+          targetUrl["search"] = SSOQueryString.toString();
+
+          console.info("Redirecting to SSO login:", targetUrl.toString());
+          window.location.replace(targetUrl.toString());
         }
       }
     });
-- 
cgit v1.2.3