[openstreetmap/openstreetmap-website] OAuth2: Newly created and email-confirmed accounts not redirected to authorization page (Issue #6699)

Ganeshdarshan Venkatraman Bhat notifications at github.com
Thu Jan 15 15:40:58 UTC 2026 

bhatganeshdarshan left a comment (openstreetmap/openstreetmap-website#6699)

Once the user creates account from any 3rd party app or a website , the confirmation link sent to his email -> 
which looks like this : 

https://www.openstreetmap.org/user/pbhat222/confirm?confirm_string=eyJfcmFpbHMiOnsiZGF0YSI6WzIzNzA5NDc1LCJlZjFhYzEwYWJmYjVhMDM3ODE0ZWM4NDIwN2E5Zjk5YjA3MDg2MmJlZWRmYzdhZWIwZGNlMjkxNGIxZjc2ZjI1Il0sImV4cCI6IjIwMjYtMDEtMjFUMTc6NTM6MDkuNDAxWiIsInB1ciI6IlVzZXJcbm5ld191c2VyXG42MDQ4MDAifX0%3D--c37b97b0bd546d24907e4f6d97bf735a35adee74&referer=%2Fwelcome%3Foauth_return_url%3D%252Foauth2%252Fauthorize%253Fresponse_type%253Dcode%2526scope%253Dread_prefs%2526client_id%253DAgfBB6uYayyySNRwmhOrAq-AdtWs-12xBzaUjx31jmg%2526redirect_uri%253Dhttps%25253A%25252F%25252Fresultmaps.neis-one.org%25252Foauth2%25252F%25253Fmyclient%25253DHDYC%252526origin%25253Dhttps%25253A%25252F%25252Fhdyc.neis-one.org

this link successfully takes to home page and in down the 'continue authorization' button is visible 

But if user creates account and then clicks resend confirmation link , then the link which he receives after clicking resend button looks like this : 

https://www.openstreetmap.org/user/fifovGanesh/confirm?confirm_string=eyJfcmFpbHMiOnsiZGF0YSI6WzIzNzEzMDY4LCI5OTY1Njg2YTc2OTZlNDU0OTU1MGNhODY5YTE2ZWMyN2JlZDJiOTMyMWU4NWRkYjU4NjczNTE2Nzk0ZmY5MGRmIl0sImV4cCI6IjIwMjYtMDEtMjJUMTU6MDc6MjYuMzQwWiIsInB1ciI6IlVzZXJcbm5ld191c2VyXG42MDQ4MDAifX0%3D--8f661f7120dd4a85f42484f76bfe086203f9cf47

this doesnt have the 'continue authorization' 

and in the code 

app/controllers/confirmation_controller.rb

```
 def confirm_resend
    user = User.visible.find_by(:display_name => params[:display_name])

    if user.nil? || user.id != session[:pending_user]
      flash[:error] = t ".failure", :name => params[:display_name]
    else
      UserMailer.signup_confirm(user, user.generate_token_for(:new_user)).deliver_later
      flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
    end

    redirect_to login_path
  end
```

before doing `UserMailer.signup_confirm()` the system should preserve the original referer which has the `oauth_return_url` so shouldn't this be like : 

```
def confirm_resend 
    ...... 
   else
      # Preserve referer 
      referer = session[:referer]
      UserMailer.signup_confirm(user, user.generate_token_for(:new_user), referer).deliver_later
      flash[:notice] = { :partial => "confirmations/resend_success_flash", :locals => { :email => user.email, :sender => Settings.email_from } }
``` 

??

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/6699#issuecomment-3755473146
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/issues/6699/3755473146 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20260115/11f9ed9f/attachment.htm>

More information about the rails-dev mailing list