From e2defbc49ad798644fcee6eb4a699e56d7149019 Mon Sep 17 00:00:00 2001
From: Frank de Lange <github-f@unternet.org>
Date: Sat, 31 May 2025 00:12:53 +0200
Subject: [PATCH] feat: start oauth with `autoLaunch=1` (#18763)

* Add automatic OpenID Connect login by using parameter `autoLaunch=1`

By launching Immich with `/auth/login?autoLaunch=1` an OpenID Connect login attempt is directly initated on installations where OAuth Auto Launch is not enabled. The intended use for this parameter is to enable Immich to be launched from e.g. Nextcloud using the _External sites_ app and the _oids_ OpenID Connect provider app so as to enable the user to directly interact with Immich without the need to press the `Login with ...` button.

* Add documentation for autolaunch by navigating to `/auth/login?autoLaunch=1`

* Look ma, no braces!

_This could be a single line_

And now it is, as is its predecessor.

* Change formatting to satisfy _prettier_

* if (condition) return true -> return condition

* More _prettier_ reformatting

* Look ma, braces!
---
 docs/docs/administration/oauth.md      | 1 +
 web/src/lib/utils.ts                   | 4 ++++
 web/src/routes/auth/login/+page.svelte | 5 ++++-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/docs/administration/oauth.md b/docs/docs/administration/oauth.md
index 2dc6990944..b60b5dbb8b 100644
--- a/docs/docs/administration/oauth.md
+++ b/docs/docs/administration/oauth.md
@@ -93,6 +93,7 @@ The `.well-known/openid-configuration` part of the url is optional and will be a
 ## Auto Launch
 
 When Auto Launch is enabled, the login page will automatically redirect the user to the OAuth authorization url, to login with OAuth. To access the login screen again, use the browser's back button, or navigate directly to `/auth/login?autoLaunch=0`.
+Auto Launch can also be enabled on a per-request basis by navigating to `/auth/login?authLaunch=1`, this can be useful in situations where Immich is called from e.g. Nextcloud using the _External sites_ app and the _oidc_ app so as to enable users to directly interact with a logged-in instance of Immich.
 
 ## Mobile Redirect URI
 
diff --git a/web/src/lib/utils.ts b/web/src/lib/utils.ts
index 645c485cc5..bfb8998781 100644
--- a/web/src/lib/utils.ts
+++ b/web/src/lib/utils.ts
@@ -275,6 +275,10 @@ export const oauth = {
     }
     return false;
   },
+  isAutoLaunchEnabled: (location: Location) => {
+    const value = 'autoLaunch=1';
+    return location.search.includes(value);
+  },
   authorize: async (location: Location) => {
     const $t = get(t);
     try {
diff --git a/web/src/routes/auth/login/+page.svelte b/web/src/routes/auth/login/+page.svelte
index 5cce88ae2c..7937a55f80 100644
--- a/web/src/routes/auth/login/+page.svelte
+++ b/web/src/routes/auth/login/+page.svelte
@@ -53,7 +53,10 @@
     }
 
     try {
-      if ($featureFlags.oauthAutoLaunch && !oauth.isAutoLaunchDisabled(globalThis.location)) {
+      if (
+        ($featureFlags.oauthAutoLaunch && !oauth.isAutoLaunchDisabled(globalThis.location)) ||
+        oauth.isAutoLaunchEnabled(globalThis.location)
+      ) {
         await goto(`${AppRoute.AUTH_LOGIN}?autoLaunch=0`, { replaceState: true });
         await oauth.authorize(globalThis.location);
         return;