diff --git a/src/components/DeeplinkWrapper/index.website.js b/src/components/DeeplinkWrapper/index.website.js index ee5c5e6183e9..0cd7bfd93241 100644 --- a/src/components/DeeplinkWrapper/index.website.js +++ b/src/components/DeeplinkWrapper/index.website.js @@ -30,7 +30,10 @@ function promptToOpenInDesktopApp() { if (Str.startsWith(window.location.pathname, Str.normalizeUrl(ROUTES.TRANSITION_BETWEEN_APPS))) { App.beginDeepLinkRedirectAfterTransition(); } else { - App.beginDeepLinkRedirect(); + // Match any magic link (/v//<6 digit code>) + const isMagicLink = CONST.REGEX.ROUTES.VALIDATE_LOGIN.test(window.location.pathname); + + App.beginDeepLinkRedirect(!isMagicLink); } } function DeeplinkWrapper({children, isAuthenticated}) { diff --git a/src/libs/actions/App.js b/src/libs/actions/App.js index d82c1e78fe0c..46d21d50cc3e 100644 --- a/src/libs/actions/App.js +++ b/src/libs/actions/App.js @@ -435,13 +435,18 @@ function openProfile(personalDetails) { ); } -function beginDeepLinkRedirect() { +/** + * @param {boolean} shouldAuthenticateWithCurrentAccount Optional, indicates whether default authentication method (shortLivedAuthToken) should be used + */ +function beginDeepLinkRedirect(shouldAuthenticateWithCurrentAccount = true) { // There's no support for anonymous users on desktop if (Session.isAnonymousUser()) { return; } - if (!currentUserAccountID) { + // If the route that is being handled is a magic link, email and shortLivedAuthToken should not be attached to the url + // to prevent signing into the wrong account + if (!currentUserAccountID || !shouldAuthenticateWithCurrentAccount) { Browser.openRouteInDesktopApp(); return; } @@ -452,8 +457,11 @@ function beginDeepLinkRedirect() { }); } -function beginDeepLinkRedirectAfterTransition() { - waitForSignOnTransitionToFinish().then(beginDeepLinkRedirect); +/** + * @param {boolean} shouldAuthenticateWithCurrentAccount Optional, indicates whether default authentication method (shortLivedAuthToken) should be used + */ +function beginDeepLinkRedirectAfterTransition(shouldAuthenticateWithCurrentAccount = true) { + waitForSignOnTransitionToFinish().then(() => beginDeepLinkRedirect(shouldAuthenticateWithCurrentAccount)); } export {