From 9a40626a2755b7380c5992a9c3a99300a6a97367 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Mon, 6 Apr 2026 09:45:46 +0200
Subject: [PATCH] fix: include BASE_PATH and ?local in OIDC post-logout
 redirect URI

Without BASE_PATH the redirect fails behind a reverse proxy. Adding
?local prevents the SSO auto-redirect from immediately signing the
user back in after logout.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 ui/src/auth/auth-store.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ui/src/auth/auth-store.ts b/ui/src/auth/auth-store.ts
index f7b1dd01..6b775391 100644
--- a/ui/src/auth/auth-store.ts
+++ b/ui/src/auth/auth-store.ts
@@ -1,5 +1,6 @@
 import { create } from 'zustand';
 import { api } from '../api/client';
+import { config } from '../config';
 
 interface AuthState {
   accessToken: string | null;
@@ -154,7 +155,7 @@ export const useAuthStore = create<AuthState>((set, get) => ({
       error: null,
     });
     if (endSessionEndpoint && idToken) {
-      const postLogoutRedirect = `${window.location.origin}/login`;
+      const postLogoutRedirect = `${window.location.origin}${config.basePath}login?local`;
       const params = new URLSearchParams({
         id_token_hint: idToken,
         post_logout_redirect_uri: postLogoutRedirect,