A native client (desktop/mobile/etc.) opens /oauth/authorize in the OS browser. When the user is unauthenticated, the router previously saved the destination to localStorage and redirected to a bare /login, stripping the authorize URL from the address bar. localStorage is per-browser, so a user who is signed in (or wants to sign in) in a different browser could not copy the URL over and complete the flow. Now, when an unauthenticated user hits oauth.authorize, redirect to /login with the authorize path+query encoded in a #redirect= hash. The hash keeps the URL copyable across browsers while keeping the embedded OAuth params out of server/proxy access logs (a query param would be logged). On arrival at the auth route, the hash is decoded and folded back into the existing localStorage redirect mechanism (saveLastVisited), so redirectIfSaved() completes the journey after any auth method - including the external OIDC round-trip, where localStorage is the only bridge that survives leaving the SPA (populated before the user leaves to the IdP). Scoped strictly to oauth.authorize for all client_ids; every other route keeps its existing localStorage redirect behavior. Fixes #2654 |
||
|---|---|---|
| .claude | ||
| .github | ||
| .vscode | ||
| .zed | ||
| build | ||
| contrib | ||
| desktop | ||
| examples/plugins/example | ||
| frontend | ||
| pkg | ||
| rest | ||
| veans | ||
| .devcontainer.json | ||
| .dockerignore | ||
| .editorconfig | ||
| .envrc | ||
| .gitignore | ||
| .golangci.yml | ||
| .opensourcefinder-verify | ||
| AGENTS.md | ||
| CHANGELOG.md | ||
| CLAUDE.md | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| LICENSE | ||
| README.md | ||
| cliff.toml | ||
| code-header-template.txt | ||
| conductor.json | ||
| config-raw.json | ||
| crowdin.yml | ||
| devenv.lock | ||
| devenv.nix | ||
| devenv.yaml | ||
| go.mod | ||
| go.sum | ||
| magefile.go | ||
| main.go | ||
| mise.toml | ||
| nfpm.yaml | ||
| publiccode.yml | ||
| renovate.json | ||
| tsconfig.json | ||
| vikunja.initd | ||
| vikunja.service | ||
README.md
Vikunja
The Todo-app to organize your life.
If Vikunja is useful to you, please consider buying me a coffee, sponsoring me on GitHub or buying a sticker pack. I'm also offering a hosted version of Vikunja if you want a hassle-free solution for yourself or your team.
Table of contents
Security Reports
If you find any security-related issues you don't want to disclose publicly, please use the contact information on our website.
Features
See the features page on our website for a more exhaustive list or try it on try.vikunja.io!
Docs
All docs can be found on the Vikunja home page.
Roadmap
See the roadmap (hosted on Vikunja!) for more!
Contributing
Please check out the contribution guidelines on the website.
License
Most of this repository is licensed under AGPL‑3.0‑or‑later.
The contents of desktop/ are licensed under
GPL‑3.0‑or‑later.
Unsplash Images
Background images from Unsplash are distributed under the Unsplash License. The license requires giving credit to the photographer and Unsplash. See Unsplash’s terms for more information.