From bf206ae67c64dd053ae97b54c9cb92d61cc4bb2b Mon Sep 17 00:00:00 2001
From: Kyle Isom <kyle@imap.cc>
Date: Tue, 31 Mar 2026 14:55:46 -0700
Subject: [PATCH] Bump mcdsl to v1.6.0 (SSO redirect fix)

Fixes SSO login redirect loop where the return-to cookie stored
/sso/redirect, bouncing users back to MCIAS after successful login.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 go.mod                                      | 2 +-
 go.sum                                      | 2 ++
 vendor/git.wntrmute.dev/mc/mcdsl/sso/sso.go | 2 +-
 vendor/modules.txt                          | 2 +-
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f6f63ab..4074e39 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module git.wntrmute.dev/mc/mcr
 go 1.25.7
 
 require (
-	git.wntrmute.dev/mc/mcdsl v1.5.0
+	git.wntrmute.dev/mc/mcdsl v1.6.0
 	github.com/go-chi/chi/v5 v5.2.5
 	github.com/google/uuid v1.6.0
 	github.com/spf13/cobra v1.10.2
diff --git a/go.sum b/go.sum
index 6933cf4..b9c2e95 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
 git.wntrmute.dev/mc/mcdsl v1.5.0 h1:JUlSYuvETRCycf+cZ56Gxp/1XZn0T7fOfWezM3m89qE=
 git.wntrmute.dev/mc/mcdsl v1.5.0/go.mod h1:MhYahIu7Sg53lE2zpQ20nlrsoNRjQzOJBAlCmom2wJc=
+git.wntrmute.dev/mc/mcdsl v1.6.0 h1:Vn1uy6b1yZ4Y8fsl1+kLucVprrFKlQ4SN2cjUH/Eg2k=
+git.wntrmute.dev/mc/mcdsl v1.6.0/go.mod h1:MhYahIu7Sg53lE2zpQ20nlrsoNRjQzOJBAlCmom2wJc=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
diff --git a/vendor/git.wntrmute.dev/mc/mcdsl/sso/sso.go b/vendor/git.wntrmute.dev/mc/mcdsl/sso/sso.go
index d2e17dd..e0fb6f2 100644
--- a/vendor/git.wntrmute.dev/mc/mcdsl/sso/sso.go
+++ b/vendor/git.wntrmute.dev/mc/mcdsl/sso/sso.go
@@ -229,7 +229,7 @@ func ValidateStateCookie(w http.ResponseWriter, r *http.Request, prefix, querySt
 // redirect back to it after SSO login completes.
 func SetReturnToCookie(w http.ResponseWriter, r *http.Request, prefix string) {
 	path := r.URL.Path
-	if path == "" || path == "/login" || path == "/sso/callback" {
+	if path == "" || path == "/login" || strings.HasPrefix(path, "/sso/") {
 		path = "/"
 	}
 	http.SetCookie(w, &http.Cookie{
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 4c9af62..b0617f1 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,4 +1,4 @@
-# git.wntrmute.dev/mc/mcdsl v1.5.0
+# git.wntrmute.dev/mc/mcdsl v1.6.0
 ## explicit; go 1.25.7
 git.wntrmute.dev/mc/mcdsl/auth
 git.wntrmute.dev/mc/mcdsl/config