signin after register

apps/login/readme.md

@@ -236,6 +236,7 @@ Requests to the APIs made:
 - `addOTPEmail()` / `addOTPSMS()`
 
 This page directly calls `addOTPEmail()` or `addOTPSMS()` when invoked and shows a success message.
+Right afterwards, redirects to verify the method.
 
 ### /u2f/set
 
@@ -274,7 +275,7 @@ Requests to the APIs made:
 
 To register a user, the organization where the resource will be created is determined first. If no context is provided via url, we fall back to the default organization of the instance.
 
-**PASSWORD:** If a password is set, the user is created as a resource, then a session using the password check is created immediately.
+**PASSWORD:** If a password is set, the user is created as a resource, then a session using the password check is created immediately. After creating the session, the user is directly logged in and eventually redirected back to the application.
 
 **PASSKEY:** If passkey is selected, the user is created as a resource first, then a session using the userId is created immediately. This session does not yet contain a check, we therefore redirect the user to setup a passkey at `/passkey/set`. As the passkey set page verifies the passkey right afterwards, the process ends with a signed in user.
 

apps/login/src/app/(login)/otp/[method]/set/page.tsx

@@ -13,6 +13,7 @@ import TOTPRegister from "@/ui/TOTPRegister";
 import UserAvatar from "@/ui/UserAvatar";
 import { RegisterTOTPResponse } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 import Link from "next/link";
+import { redirect } from "next/navigation";
 
 export default async function Page({
   searchParams,
@@ -80,6 +81,10 @@ export default async function Page({
 
   if (checkAfter) {
     urlToContinue = `/otp/${method}?` + paramsToContinue;
+    // immediately check the OTP on the next page if sms or email was set up
+    if (["email", "sms"].includes(method)) {
+      return redirect(urlToContinue);
+    }
   } else if (authRequestId && sessionId) {
     urlToContinue = `/login?` + paramsToContinue;
   } else if (loginName) {

apps/login/src/ui/SetPasswordForm.tsx

@@ -81,12 +81,12 @@ export default function SetPasswordForm({
       return;
     }
 
-    const userReponse = response as RegisterUserResponse;
+    const userResponse = response as RegisterUserResponse;
 
-    const params = new URLSearchParams({ userId: userReponse.userId });
+    const params = new URLSearchParams({ userId: userResponse.userId });
 
-    if (userReponse.factors?.user?.loginName) {
-      params.append("loginName", userReponse.factors.user.loginName);
+    if (userResponse.factors?.user?.loginName) {
+      params.append("loginName", userResponse.factors.user.loginName);
     }
     if (authRequestId) {
       params.append("authRequestId", authRequestId);
@@ -94,11 +94,18 @@ export default function SetPasswordForm({
     if (organization) {
       params.append("organization", organization);
     }
-    if (userReponse && userReponse.sessionId) {
-      params.append("sessionId", userReponse.sessionId);
+    if (userResponse && userResponse.sessionId) {
+      params.append("sessionId", userResponse.sessionId);
     }
 
-    return router.push(`/verify?` + params);
+    // skip verification for now as it is an app based flow
+    // return router.push(`/verify?` + params);
+
+    if (authRequestId && userResponse.sessionId) {
+      return router.push(`/login?` + params);
+    } else {
+      return router.push(`/signedin?` + params);
+    }
   }
 
   const { errors } = formState;