From 8d92600ae49a3170505bcb3cfe20a5dc3570e8fe Mon Sep 17 00:00:00 2001
From: Mayank Jha <mayank.jha@techdome.net.in>
Date: Mon, 30 Mar 2026 13:46:32 +0530
Subject: [PATCH 1/3] fix: encode base64 token [SPRW-3158]

---
 src/pages/Auth/login-page/LoginPage.svelte    | 22 +++++++++++++++++--
 .../SelfHostLoginPage.svelte                  | 20 ++++++++++++++---
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/src/pages/Auth/login-page/LoginPage.svelte b/src/pages/Auth/login-page/LoginPage.svelte
index caf48d0..7f89ac8 100644
--- a/src/pages/Auth/login-page/LoginPage.svelte
+++ b/src/pages/Auth/login-page/LoginPage.svelte
@@ -112,14 +112,32 @@
 							isLogin = true;
 							const accessToken = response?.accessToken?.token;
 							const refreshToken = response?.refreshToken?.token;
-							const sparrowRedirect = `sparrow://?selfhostBackendUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.API_URL : ""}&selfhostAdminUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_ADMIN_URL : ""}&selfhostWebUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_WEB_URL : ""}&accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email`;
+							const payload = {
+								selfhostBackendUrl:
+									constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.API_URL : '',
+								selfhostAdminUrl:
+									constants.APP_EDITION === AppEdition.SELFHOSTED
+										? constants.SPARROW_ADMIN_URL
+										: '',
+								selfhostWebUrl:
+									constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_WEB_URL : '',
+								accessToken,
+								refreshToken,
+								response,
+								event: 'login',
+								method: 'email'
+							};
+
+							const encodedPayload = encodeURIComponent(btoa(JSON.stringify(payload)));
+
+							const sparrowRedirect = `sparrow://?data=${encodedPayload}`;
 							const sparrowWebRedirect =
 								constants.SPARROW_WEB_URL +
 								`?accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email`;
 							let sparrowAdminRedirect =
 								constants.SPARROW_ADMIN_URL +
 								`?accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email`;
-							if(flow === "standard") { 
+							if (flow === 'standard') {
 								sparrowAdminRedirect = sparrowAdminRedirect + '&flow=standard';
 							}
 							if (redirctSource === 'desktop') {
diff --git a/src/pages/Auth/self-host-login-page/SelfHostLoginPage.svelte b/src/pages/Auth/self-host-login-page/SelfHostLoginPage.svelte
index 3e34f57..89de664 100644
--- a/src/pages/Auth/self-host-login-page/SelfHostLoginPage.svelte
+++ b/src/pages/Auth/self-host-login-page/SelfHostLoginPage.svelte
@@ -112,9 +112,23 @@
 						isLogin = true;
 						const accessToken = response?.accessToken?.token;
 						const refreshToken = response?.refreshToken?.token;
-						const sparrowRedirect = `sparrow://?selfhostBackendUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.API_URL : ""}&selfhostAdminUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_ADMIN_URL : ""}&selfhostWebUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_WEB_URL : ""}&accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email&isSelfHostLogin=true&backendUrl=${btoa(
-							sessionStorage.getItem(`selfhost-backendurl`) || ''
-						)}&adminUrl=${btoa(sessionStorage.getItem(`selfhost-adminurl`) || '')}`;
+						const payload = {
+							selfhostBackendUrl:
+								constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.API_URL : '',
+							selfhostAdminUrl:
+								constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_ADMIN_URL : '',
+							selfhostWebUrl:
+								constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_WEB_URL : '',
+							accessToken,
+							refreshToken,
+							response,
+							event: 'login',
+							method: 'email'
+						};
+
+						const encodedPayload = encodeURIComponent(btoa(JSON.stringify(payload)));
+
+						const sparrowRedirect = `sparrow://?data=${encodedPayload}`;
 						const sparrowWebRedirect =
 							constants.SPARROW_WEB_URL +
 							`?accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email`;

From 69ae6e6c9c6f0562a7f566dbc5321da34cd10392 Mon Sep 17 00:00:00 2001
From: Mayank Jha <mayank.jha@techdome.net.in>
Date: Mon, 30 Mar 2026 15:40:29 +0530
Subject: [PATCH 2/3] fix: version bump

---
 .github/workflows/staging.yml | 2 +-
 package.json                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
index 223a00c..277fbdb 100644
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@@ -3,7 +3,7 @@ name: Staging Deployment
 on:
   push:
     branches:
-      - release/2.37.0
+      - release/2.39.0
   workflow_dispatch:
 
 env:	
diff --git a/package.json b/package.json
index c633c02..8863f70 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "sparrow-auth",
-	"version": "2.37.0",
+	"version": "2.39.0",
 	"scripts": {
 		"dev": "vite dev",
 		"build": "vite build",

From c922d9bf8892c4656a179ca04ce1075cdca849e3 Mon Sep 17 00:00:00 2001
From: Nayan Lakhwani <nayan.lakhwani123@gmail.com>
Date: Tue, 31 Mar 2026 13:23:47 +0530
Subject: [PATCH 3/3] Revert "fix: encode auth token in base64 for Sparrow deep
 link with backward compatibility [SPRW-3158]"

---
 src/pages/Auth/login-page/LoginPage.svelte    | 22 ++-----------------
 .../SelfHostLoginPage.svelte                  | 20 +++--------------
 2 files changed, 5 insertions(+), 37 deletions(-)

diff --git a/src/pages/Auth/login-page/LoginPage.svelte b/src/pages/Auth/login-page/LoginPage.svelte
index 7f89ac8..caf48d0 100644
--- a/src/pages/Auth/login-page/LoginPage.svelte
+++ b/src/pages/Auth/login-page/LoginPage.svelte
@@ -112,32 +112,14 @@
 							isLogin = true;
 							const accessToken = response?.accessToken?.token;
 							const refreshToken = response?.refreshToken?.token;
-							const payload = {
-								selfhostBackendUrl:
-									constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.API_URL : '',
-								selfhostAdminUrl:
-									constants.APP_EDITION === AppEdition.SELFHOSTED
-										? constants.SPARROW_ADMIN_URL
-										: '',
-								selfhostWebUrl:
-									constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_WEB_URL : '',
-								accessToken,
-								refreshToken,
-								response,
-								event: 'login',
-								method: 'email'
-							};
-
-							const encodedPayload = encodeURIComponent(btoa(JSON.stringify(payload)));
-
-							const sparrowRedirect = `sparrow://?data=${encodedPayload}`;
+							const sparrowRedirect = `sparrow://?selfhostBackendUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.API_URL : ""}&selfhostAdminUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_ADMIN_URL : ""}&selfhostWebUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_WEB_URL : ""}&accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email`;
 							const sparrowWebRedirect =
 								constants.SPARROW_WEB_URL +
 								`?accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email`;
 							let sparrowAdminRedirect =
 								constants.SPARROW_ADMIN_URL +
 								`?accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email`;
-							if (flow === 'standard') {
+							if(flow === "standard") { 
 								sparrowAdminRedirect = sparrowAdminRedirect + '&flow=standard';
 							}
 							if (redirctSource === 'desktop') {
diff --git a/src/pages/Auth/self-host-login-page/SelfHostLoginPage.svelte b/src/pages/Auth/self-host-login-page/SelfHostLoginPage.svelte
index 89de664..3e34f57 100644
--- a/src/pages/Auth/self-host-login-page/SelfHostLoginPage.svelte
+++ b/src/pages/Auth/self-host-login-page/SelfHostLoginPage.svelte
@@ -112,23 +112,9 @@
 						isLogin = true;
 						const accessToken = response?.accessToken?.token;
 						const refreshToken = response?.refreshToken?.token;
-						const payload = {
-							selfhostBackendUrl:
-								constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.API_URL : '',
-							selfhostAdminUrl:
-								constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_ADMIN_URL : '',
-							selfhostWebUrl:
-								constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_WEB_URL : '',
-							accessToken,
-							refreshToken,
-							response,
-							event: 'login',
-							method: 'email'
-						};
-
-						const encodedPayload = encodeURIComponent(btoa(JSON.stringify(payload)));
-
-						const sparrowRedirect = `sparrow://?data=${encodedPayload}`;
+						const sparrowRedirect = `sparrow://?selfhostBackendUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.API_URL : ""}&selfhostAdminUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_ADMIN_URL : ""}&selfhostWebUrl=${constants.APP_EDITION === AppEdition.SELFHOSTED ? constants.SPARROW_WEB_URL : ""}&accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email&isSelfHostLogin=true&backendUrl=${btoa(
+							sessionStorage.getItem(`selfhost-backendurl`) || ''
+						)}&adminUrl=${btoa(sessionStorage.getItem(`selfhost-adminurl`) || '')}`;
 						const sparrowWebRedirect =
 							constants.SPARROW_WEB_URL +
 							`?accessToken=${accessToken}&refreshToken=${refreshToken}&response=${JSON.stringify(response)}&event=login&method=email`;