From 4b50b8c579ce22d61596b5828aecaaf0381ef399 Mon Sep 17 00:00:00 2001
From: Levi <81591061+levischd@users.noreply.github.com>
Date: Thu, 12 Feb 2026 03:09:35 +0100
Subject: [PATCH] Fix: persist SSO auth token on root route loader (#12784)

### What problem does this PR solve?

This PR fixes SSO/OIDC login persistence after the Vite migration
#12568. Because wrappers are ignored by React Router, the OAuth callback
never stored the auth token in localStorage, causing auth to only work
while ?auth= stayed in the URL. We move that logic into a route loader
and remove the Bearer prefix for the signed token so the backend accepts
it.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)

Contribution during my time at RAGcon GmbH.

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
---
 web/src/routes.tsx                  | 14 ++++++++++++--
 web/src/utils/authorization-util.ts |  4 +---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/web/src/routes.tsx b/web/src/routes.tsx
index ab05987c92..198b95f496 100644
--- a/web/src/routes.tsx
+++ b/web/src/routes.tsx
@@ -1,7 +1,8 @@
 import { lazy, memo, Suspense } from 'react';
-import { createBrowserRouter, Navigate, type RouteObject } from 'react-router';
+import { createBrowserRouter, Navigate, redirect, type RouteObject } from 'react-router';
 import FallbackComponent from './components/fallback-component';
 import { IS_ENTERPRISE } from './pages/admin/utils';
+import authorizationUtil from './utils/authorization-util';
 
 export enum Routes {
   Root = '/',
@@ -141,7 +142,16 @@ const routeConfigOptions = [
     path: Routes.Root,
     layout: false,
     Component: () => import('@/layouts/next'),
-    wrappers: ['@/wrappers/auth'],
+    loader: ({ request }) => {
+      const url = new URL(request.url);
+      const auth = url.searchParams.get('auth');
+      if (auth) {
+        authorizationUtil.setAuthorization(auth);
+        url.searchParams.delete('auth');
+        return redirect(`${url.pathname}${url.search}`);
+      }
+      return null;
+    },
     children: [
       {
         path: Routes.Root,
diff --git a/web/src/utils/authorization-util.ts b/web/src/utils/authorization-util.ts
index e25e4915f1..328def48de 100644
--- a/web/src/utils/authorization-util.ts
+++ b/web/src/utils/authorization-util.ts
@@ -49,9 +49,7 @@ const storage = {
 
 export const getAuthorization = () => {
   const auth = getSearchValue('auth');
-  const authorization = auth
-    ? 'Bearer ' + auth
-    : storage.getAuthorization() || '';
+  const authorization = auth ? auth : storage.getAuthorization() || '';
 
   return authorization;
 };