Messages

Thanks, will do. I'll open a feature request on GitHub. But I'm pretty busy right now, so it might take me a few days to get to it. I'll post the link here once it's filed.

Cheers,
Marco

I suspect this isn't a config error on your side. I'm seeing the same behavior here.

As far as I can tell, the redirect_uri has to be the fixed .../api/oidc/rp/finalize/<appcode> callback, and finalize seems to just create the session and send you to the dashboard. My guess is the originally requested URL simply isn't carried through the round trip (it would need to be stashed in the OAuth state and restored at finalize), so it gets lost—whereas with password login that URL never leaves OPNsense, which would explain why it works there.

I also couldn't find any setting for it: the WebGui/Admin provider only exposes Application code, Service, Extensive log, and Description.

Since it's a Business Edition feature, I assume any fix would have to come from Deciso – probably worth a feature request to preserve the original REQUEST_URI (validated as a local /ui/... path so it can't become an open redirect).