email confirmation flow doesn't redirect to app

[roney492]

Describe the bug
After clicking on email confirmation the enrollment flow doesn't redirect the user to the consent page of the app he asked to access of when pressing signup

To Reproduce
Steps to reproduce the behavior:

1. Create an OpenID Oauth Flow for an Application
2. Call the API that executes the flow with the client credentials, enrollment flow gets executed, which lands the user on the signup page
3. After the signup page an email confirmation stage is executed which sends a confirmation mail to the user
4. On Clicking the Confirm button the user gets redirected back to the login page.

Expected behavior
The user should have gotten redirected to the App consent page which he initially asked access of when signing up.

Logs
email confirm button has the below URL linked to it:
https://atk.domain.com/if/flow/enrollment/?flow_token=ye13Jk5lK7zm7WTDrnYdAtMk4SyB4k7vtTPW5stkHAxcWh6oqnMxBXKai13v

The page where the enollment "Send email again" is at
next=/application/o/authorize/?response_type=code&client_id=8a354394065fe3f08cea3ca8104b4623b65fae89&scope=&redirect_uri=http://localhost:8100/api/test&state=572a2004-7918-49de-8458-58af41c86b83
If I ammend this to the email confirmation URL, it works perfectly.

Version and Deployment (please complete the following information):

• authentik version: 2023.3
• Deployment: Docker-compose

[roney492]

The below modification that I made to stage.py, fix the issue:

def get_full_url(self, **kwargs) -> str:
        """Get full URL to be used in template"""
        base_url = reverse(
            "authentik_core:if-flow",
            kwargs={"flow_slug": self.executor.flow.slug},
        )
        # Extract existing query parameters from the request's query string
        parsed_url = urlparse(self.request.get_full_path())
        existing_query_params = parse_qs(parsed_url.query)

        # Merge existing query parameters with new query parameters
        token = self.get_token()
        query_params = {**existing_query_params, **kwargs}
        query_params = {**{QS_KEY_TOKEN: token.key}, **query_params}


        # Build the final URL with all query parameters
        relative_url = f"{base_url}?{urlencode(query_params, doseq=True)}"
        return self.request.build_absolute_uri(relative_url)

 def send_email(self):
        """Helper function that sends the actual email. Implies that you've
        already checked that there is a pending user."""
        pending_user = self.get_pending_user()
        email = self.executor.plan.context.get(PLAN_CONTEXT_EMAIL_OVERRIDE, None)
        if not email:
            email = pending_user.email
        current_stage: EmailStage = self.executor.current_stage
        token = self.get_token()
        link = self.get_full_url().replace('query=', '')
        print(link)
        # Send mail to user
        message = TemplateEmailMessage(
            subject=_(current_stage.subject),
            to=[email],
            language=pending_user.locale(self.request),
            template_name=current_stage.template,
            template_context={
                "url": unquote(link),
                "user": pending_user,
                "expires": token.expires,
            },
        )
        send_mails(current_stage, message)

[roney492]

Request the team to please check and implement the bugfix for same

[authentik-automation]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.