feat: redirect to OIDC authorization after login when pending

src/fastapi_oidc_op/authn/routes.py

@@ -13,6 +13,17 @@ from fastapi_oidc_op.userid import generate_unique_userid
 router = APIRouter(tags=["authn"])
 
 
+def _login_redirect_target(request: Request) -> str:
+    """Determine where to redirect after successful login.
+
+    If there's a pending OIDC authorization request, redirect to complete it.
+    Otherwise, redirect to credential management.
+    """
+    if "oidc_auth_request" in request.session:
+        return "/authorization/complete"
+    return "/manage/credentials"
+
+
 @router.get("/login", response_class=HTMLResponse)
 async def login_page(request: Request) -> HTMLResponse:
     templates = request.app.state.templates
@@ -46,7 +57,7 @@ async def login_password(
     request.session["username"] = user.username
 
     response = Response()
-    response.headers["HX-Redirect"] = "/manage/credentials"
+    response.headers["HX-Redirect"] = _login_redirect_target(request)
     return response
 
 
@@ -150,5 +161,5 @@ async def login_webauthn_complete(request: Request) -> Response:
     request.session["username"] = user.username
 
     response = Response()
-    response.headers["HX-Redirect"] = "/manage/credentials"
+    response.headers["HX-Redirect"] = _login_redirect_target(request)
     return response