getAuthForRoute short-circuited with an early return for any signed-in browser before the #redirect= hash was inspected. So when a user copied the /login#redirect=<encoded /oauth/authorize URL> into a browser that was already signed in to Vikunja, Login.vue pushed them to home and the OAuth authorize never ran — meaning the native/desktop client never got its code. "Already signed in in my main browser, the desktop opened a different default browser" is the primary #2654 scenario, so this broke the feature's main path. Detect the redirect hash up front and, in the authenticated branch, return the decoded destination (e.g. /oauth/authorize?...) so the guard re-enters, early-returns for the authed session, and mounts OAuthAuthorize.vue with the existing token. The destination carries no redirect hash, so there is no loop. The unauthenticated path is unchanged (it still folds the hash into localStorage and proceeds to /login so redirectIfSaved() runs after login/register/OIDC). Add an e2e for the already-signed-in browser (authenticatedPage fixture) that asserts it lands on /oauth/authorize and completes the PKCE flow, and strengthen both tests to assert the OAuth params (response_type, client_id, code_challenge, state) survive in the decoded redirect destination rather than only checking the path. |
||
|---|---|---|
| .claude | ||
| .github | ||
| .vscode | ||
| .zed | ||
| build | ||
| contrib | ||
| desktop | ||
| examples/plugins/example | ||
| frontend | ||
| pkg | ||
| rest | ||
| veans | ||
| .devcontainer.json | ||
| .dockerignore | ||
| .editorconfig | ||
| .envrc | ||
| .gitignore | ||
| .golangci.yml | ||
| .opensourcefinder-verify | ||
| AGENTS.md | ||
| CHANGELOG.md | ||
| CLAUDE.md | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| LICENSE | ||
| README.md | ||
| cliff.toml | ||
| code-header-template.txt | ||
| conductor.json | ||
| config-raw.json | ||
| crowdin.yml | ||
| devenv.lock | ||
| devenv.nix | ||
| devenv.yaml | ||
| go.mod | ||
| go.sum | ||
| magefile.go | ||
| main.go | ||
| mise.toml | ||
| nfpm.yaml | ||
| publiccode.yml | ||
| renovate.json | ||
| tsconfig.json | ||
| vikunja.initd | ||
| vikunja.service | ||
README.md
Vikunja
The Todo-app to organize your life.
If Vikunja is useful to you, please consider buying me a coffee, sponsoring me on GitHub or buying a sticker pack. I'm also offering a hosted version of Vikunja if you want a hassle-free solution for yourself or your team.
Table of contents
Security Reports
If you find any security-related issues you don't want to disclose publicly, please use the contact information on our website.
Features
See the features page on our website for a more exhaustive list or try it on try.vikunja.io!
Docs
All docs can be found on the Vikunja home page.
Roadmap
See the roadmap (hosted on Vikunja!) for more!
Contributing
Please check out the contribution guidelines on the website.
License
Most of this repository is licensed under AGPL‑3.0‑or‑later.
The contents of desktop/ are licensed under
GPL‑3.0‑or‑later.
Unsplash Images
Background images from Unsplash are distributed under the Unsplash License. The license requires giving credit to the photographer and Unsplash. See Unsplash’s terms for more information.