fix: use stable callback redirect_uri for oidc login

src/pages/AuthCallbackPage.vue

@@ -29,17 +29,18 @@ const error = ref('')
 
 onMounted(async () => {
   const code = route.query.code
-  const redirect = route.query.redirect || '/me'
+  const redirect = sessionStorage.getItem('post_login_redirect') || '/me'
   if (!code || typeof code !== 'string') {
     error.value = '缺少授權碼，請重新登入'
     return
   }
 
   try {
-    const callbackUrl = `${window.location.origin}/auth/callback?redirect=${encodeURIComponent(redirect)}`
+    const callbackUrl = `${window.location.origin}/auth/callback`
     const res = await exchangeOidcCode(code, callbackUrl)
     authStore.setToken(res.data.access_token)
     await authStore.fetchMe()
+    sessionStorage.removeItem('post_login_redirect')
     router.replace(typeof redirect === 'string' ? redirect : '/me')
   } catch (err) {
     authStore.logout()

src/pages/LoginPage.vue

@@ -48,7 +48,8 @@ async function handleOidcLogin() {
   error.value = ''
   try {
     const redirect = route.query.redirect || '/me'
-    const callbackUrl = `${window.location.origin}/auth/callback?redirect=${encodeURIComponent(redirect)}`
+    sessionStorage.setItem('post_login_redirect', typeof redirect === 'string' ? redirect : '/me')
+    const callbackUrl = `${window.location.origin}/auth/callback`
     const res = await getOidcAuthorizeUrl(callbackUrl)
     window.location.href = res.data.authorize_url
   } catch (err) {