From b6b734dbd172d7318dd6576711d5bee7827fde36 Mon Sep 17 00:00:00 2001
From: Paul Huliganga <paje0101@gmail.com>
Date: Wed, 22 Apr 2026 22:14:29 -0400
Subject: [PATCH] Fix OAuth callback hash redirects

---
 web/routers/auth.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/web/routers/auth.py b/web/routers/auth.py
index d8cdf7a..8ea8618 100644
--- a/web/routers/auth.py
+++ b/web/routers/auth.py
@@ -40,9 +40,11 @@ def _adobe_redirect_uri() -> str:
 
 
 def _sanitize_return_to(value: str | None) -> str:
-    if value and value.startswith("#/"):
+    if value and value.startswith("/#/"):
         return value
-    return "#/templates"
+    if value and value.startswith("#/"):
+        return f"/{value}"
+    return "/#/templates"
 
 
 def _build_adobe_authorization_url(state: str) -> str:
@@ -489,7 +491,7 @@ def docusign_start(request: Request):
     state = secrets.token_urlsafe(24)
     session["docusign_oauth_state"] = state
     session["docusign_auth_mode"] = "authorization_pending"
-    session["docusign_return_to"] = "#/templates"
+    session["docusign_return_to"] = "/#/templates"
     authorization_url = build_authorization_url(state=state)
     log_event(
         request,