Description
Currently, when users try to access a protected route directly (like /dashboard), they get redirected to the main domain root instead of staying on that route. Users have to click the sign-in button every time, and the OAuth callback generates a new unique code on each page refresh (e.g., ?code=XXXXXXXXXXXXXXXXX), which forces re-authentication.
(tested only on the remote opensync.dev site)
Expected behavior
- Users should be able to navigate directly to any protected route and remain logged in across sessions
- Authentication tokens should persist properly so refreshing the page doesn't trigger a new sign-in flow
- After successful authentication, users should be redirected back to the route they originally requested, not the root
Current behavior
- Direct navigation to protected routes redirects to the main domain root
- Every page refresh requires clicking sign-in again
- A new callback code is generated on each visit
- Users lose their session state on page refresh
Why this matters
This creates friction for regular users and makes it impossible to bookmark or share links to specific dashboard views. It also means re-authenticating happens far more often than it should.
Description
Currently, when users try to access a protected route directly (like
/dashboard), they get redirected to the main domain root instead of staying on that route. Users have to click the sign-in button every time, and the OAuth callback generates a new unique code on each page refresh (e.g.,?code=XXXXXXXXXXXXXXXXX), which forces re-authentication.(tested only on the remote opensync.dev site)
Expected behavior
Current behavior
Why this matters
This creates friction for regular users and makes it impossible to bookmark or share links to specific dashboard views. It also means re-authenticating happens far more often than it should.