feat(web): desktop OAuth deep link redirect

surfsense_web/app/(home)/login/page.tsx

@@ -35,6 +35,15 @@ function LoginContent() {
 			localStorage.setItem("surfsense_redirect_path", decodeURIComponent(returnUrl));
 		}
 
+		// Desktop app: persist login source so TokenHandler can redirect to
+		// the surfsense:// deep link after the OAuth round-trip completes.
+		const source = searchParams.get("source");
+		if (source === "desktop") {
+			sessionStorage.setItem("surfsense_login_source", "desktop");
+		} else {
+			sessionStorage.removeItem("surfsense_login_source");
+		}
+
 		// Show registration success message
 		if (registered === "true") {
 			toast.success(t("register_success"), {

surfsense_web/components/TokenHandler.tsx

@@ -60,6 +60,15 @@ const TokenHandler = ({
 					setRefreshToken(refreshToken);
 				}
 
+				// Desktop app: redirect tokens to the Electron deep link handler
+				const loginSource = sessionStorage.getItem("surfsense_login_source");
+				if (loginSource === "desktop") {
+					sessionStorage.removeItem("surfsense_login_source");
+					const deepLink = `surfsense://auth/callback?token=${token}${refreshToken ? `&refresh_token=${refreshToken}` : ""}`;
+					window.location.href = deepLink;
+					return;
+				}
+
 				// Check if there's a saved redirect path from before the auth flow
 				const savedRedirectPath = getAndClearRedirectPath();