diff --git a/frontend/src/routes/OAuth2FA.svelte b/frontend/src/routes/OAuth2FA.svelte
index 2eaf565..a9218e6 100644
--- a/frontend/src/routes/OAuth2FA.svelte
+++ b/frontend/src/routes/OAuth2FA.svelte
@@ -32,7 +32,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -50,6 +50,11 @@
 
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
         return
       }
 
diff --git a/frontend/src/routes/OAuthAccounts.svelte b/frontend/src/routes/OAuthAccounts.svelte
index 013b3e9..29289e1 100644
--- a/frontend/src/routes/OAuthAccounts.svelte
+++ b/frontend/src/routes/OAuthAccounts.svelte
@@ -58,7 +58,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -80,12 +80,19 @@
       }
 
       if (data.needs_2fa) {
-        navigate(routes.oauth2fa, { params: { request_uri: requestUri, channel: data.channel || '' } })
+        navigate(routes.oauth2fa, {
+          params: { request_uri: requestUri, channel: data.channel || '' }
+        })
         return
       }
 
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
         return
       }
 
@@ -128,12 +135,7 @@
 
     <div class="accounts-list">
       {#each accounts as account}
-        <button
-          type="button"
-          class="account-item"
-          class:disabled={submitting}
-          onclick={() => !submitting && handleSelectAccount(account.did)}
-        >
+        <button type="button" class="account-item" class:disabled={submitting} onclick={() => !submitting && handleSelectAccount(account.did)}>
           <div class="account-info">
             <span class="account-handle">@{account.handle}</span>
             <span class="account-email">{account.email}</span>
@@ -202,7 +204,9 @@
     cursor: pointer;
     text-align: left;
     width: 100%;
-    transition: border-color var(--transition-fast), box-shadow var(--transition-fast);
+    transition:
+      border-color var(--transition-fast),
+      box-shadow var(--transition-fast);
   }
 
   .account-item:hover:not(.disabled) {
diff --git a/frontend/src/routes/OAuthConsent.svelte b/frontend/src/routes/OAuthConsent.svelte
index 2123f13..5486456 100644
--- a/frontend/src/routes/OAuthConsent.svelte
+++ b/frontend/src/routes/OAuthConsent.svelte
@@ -57,12 +57,7 @@
       const data: ConsentData = await response.json()
       consentData = data
 
-      scopeSelections = Object.fromEntries(
-        data.scopes.map((scope) => [
-          scope.scope,
-          scope.required ? true : scope.granted ?? true,
-        ])
-      )
+      scopeSelections = Object.fromEntries(data.scopes.map((scope) => [scope.scope, scope.required ? true : (scope.granted ?? true)]))
 
       if (!data.show_consent) {
         await submitConsent()
@@ -93,8 +88,8 @@
         body: JSON.stringify({
           request_uri: consentData.request_uri,
           approved_scopes: approvedScopes,
-          remember: rememberChoice,
-        }),
+          remember: rememberChoice
+        })
       })
 
       if (!response.ok) {
@@ -107,6 +102,11 @@
       const data = await response.json()
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
       }
     } catch {
       error = $_('oauth.error.genericError')
@@ -135,7 +135,7 @@
   }
 
   function handleScopeToggle(scope: string) {
-    const scopeInfo = consentData?.scopes.find(s => s.scope === scope)
+    const scopeInfo = consentData?.scopes.find((s) => s.scope === scope)
     if (scopeInfo?.required) return
     scopeSelections[scope] = !scopeSelections[scope]
   }
@@ -144,7 +144,7 @@
     return scopes.reduce(
       (groups, scope) => ({
         ...groups,
-        [scope.category]: [...(groups[scope.category] ?? []), scope],
+        [scope.category]: [...(groups[scope.category] ?? []), scope]
       }),
       {} as Record<string, ScopeInfo[]>
     )
@@ -176,7 +176,9 @@
             <img src={consentData.logo_uri} alt="" class="client-logo" />
           {/if}
           <h1>{consentData.client_name || $_('oauth.consent.title')}</h1>
-          <p class="subtitle">{$_('oauth.consent.appWantsAccess', { values: { app: '' } })}</p>
+          <p class="subtitle">
+            {$_('oauth.consent.appWantsAccess', { values: { app: '' } })}
+          </p>
           {#if consentData.client_uri}
             <a href={consentData.client_uri} target="_blank" rel="noopener noreferrer" class="client-link">
               {consentData.client_uri}
@@ -186,7 +188,9 @@
 
         <div class="account-info">
           {#if consentData.is_delegation}
-            <div class="delegation-badge">{$_('oauthConsent.delegatedAccess')}</div>
+            <div class="delegation-badge">
+              {$_('oauthConsent.delegatedAccess')}
+            </div>
             <div class="delegation-info">
               <div class="info-row">
                 <span class="label">{$_('oauthConsent.actingAs')}</span>
@@ -204,7 +208,17 @@
             {#if consentData.delegation_level && consentData.delegation_level !== 'Owner'}
               <div class="permissions-notice">
                 <div class="notice-header">
-                  <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="10"/><line x1="12" y1="8" x2="12" y2="12"/><line x1="12" y1="16" x2="12.01" y2="16"/></svg>
+                  <svg
+                    xmlns="http://www.w3.org/2000/svg"
+                    width="16"
+                    height="16"
+                    viewBox="0 0 24 24"
+                    fill="none"
+                    stroke="currentColor"
+                    stroke-width="2"
+                    stroke-linecap="round"
+                    stroke-linejoin="round"><circle cx="12" cy="12" r="10" /><line x1="12" y1="8" x2="12" y2="12" /><line x1="12" y1="16" x2="12.01" y2="16" /></svg
+                  >
                   <span>{$_('oauthConsent.permissionsLimited')}</span>
                 </div>
                 <p class="notice-text">
@@ -213,7 +227,9 @@
                   {:else if consentData.delegation_level === 'Editor'}
                     {$_('oauthConsent.editorLimitedDesc')}
                   {:else}
-                    {$_('oauthConsent.permissionsLimitedDesc', { values: { level: consentData.delegation_level } })}
+                    {$_('oauthConsent.permissionsLimitedDesc', {
+                      values: { level: consentData.delegation_level }
+                    })}
                   {/if}
                 </p>
               </div>
@@ -243,12 +259,7 @@
                 <h3 class="category-title">{category}</h3>
                 {#each scopes as scope}
                   <label class="scope-item" class:required={scope.required}>
-                    <input
-                      type="checkbox"
-                      checked={scopeSelections[scope.scope]}
-                      disabled={scope.required || submitting}
-                      onchange={() => handleScopeToggle(scope.scope)}
-                    />
+                    <input type="checkbox" checked={scopeSelections[scope.scope]} disabled={scope.required || submitting} onchange={() => handleScopeToggle(scope.scope)} />
                     <div class="scope-info">
                       <span class="scope-name">{scope.display_name}</span>
                       <span class="scope-description">{scope.description}</span>
@@ -524,7 +535,7 @@
     border-style: dashed;
   }
 
-  .scope-item input[type="checkbox"] {
+  .scope-item input[type='checkbox'] {
     flex-shrink: 0;
     width: 18px;
     height: 18px;
diff --git a/frontend/src/routes/OAuthDelegation.svelte b/frontend/src/routes/OAuthDelegation.svelte
index 77d0c19..6976dde 100644
--- a/frontend/src/routes/OAuthDelegation.svelte
+++ b/frontend/src/routes/OAuthDelegation.svelte
@@ -1,11 +1,7 @@
 <script lang="ts">
   import { navigate, routes } from '../lib/router.svelte'
   import { _ } from '../lib/i18n'
-  import {
-    prepareRequestOptions,
-    serializeAssertionResponse,
-    type WebAuthnRequestOptionsResponse,
-  } from '../lib/webauthn'
+  import { prepareRequestOptions, serializeAssertionResponse, type WebAuthnRequestOptionsResponse } from '../lib/webauthn'
 
   let delegatedDid = $state<string | null>(null)
   let delegatedHandle = $state<string | null>(null)
@@ -123,7 +119,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -141,9 +137,9 @@
       const { options } = await startResponse.json()
       const publicKeyOptions = prepareRequestOptions(options as WebAuthnRequestOptionsResponse)
 
-      const credential = await navigator.credentials.get({
+      const credential = (await navigator.credentials.get({
         publicKey: publicKeyOptions
-      }) as PublicKeyCredential | null
+      })) as PublicKeyCredential | null
 
       if (!credential) {
         error = $_('oauthDelegation.passkeyCancelled')
@@ -157,7 +153,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -182,12 +178,19 @@
       }
 
       if (data.needs_2fa) {
-        navigate(routes.oauth2fa, { params: { request_uri: requestUri, channel: data.channel || '' } })
+        navigate(routes.oauth2fa, {
+          params: { request_uri: requestUri, channel: data.channel || '' }
+        })
         return
       }
 
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
         return
       }
 
@@ -216,7 +219,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -241,12 +244,19 @@
       }
 
       if (data.needs_2fa) {
-        navigate(routes.oauth2fa, { params: { request_uri: requestUri, channel: data.channel || '' } })
+        navigate(routes.oauth2fa, {
+          params: { request_uri: requestUri, channel: data.channel || '' }
+        })
         return
       }
 
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
         return
       }
 
@@ -271,7 +281,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({ request_uri: requestUri })
       })
@@ -279,6 +289,11 @@
       const data = await response.json()
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
       }
     } catch {
       window.history.back()
@@ -301,7 +316,9 @@
     <header class="page-header">
       <h1>{$_('oauthDelegation.title')}</h1>
       <p class="subtitle">
-        {$_('oauthDelegation.isDelegated', { values: { handle: delegatedHandle } })}
+        {$_('oauthDelegation.isDelegated', {
+          values: { handle: delegatedHandle }
+        })}
         <br />{$_('oauthDelegation.enterControllerHandle')}
       </p>
     </header>
@@ -337,7 +354,12 @@
     <header class="page-header">
       <h1>{$_('oauthDelegation.signInAsController')}</h1>
       <p class="subtitle">
-        {$_('oauthDelegation.authenticateAs', { values: { controller: '@' + controllerIdentifier.replace(/^@/, ''), delegated: delegatedHandle } })}
+        {$_('oauthDelegation.authenticateAs', {
+          values: {
+            controller: '@' + controllerIdentifier.replace(/^@/, ''),
+            delegated: delegatedHandle
+          }
+        })}
       </p>
     </header>
 
@@ -354,12 +376,7 @@
         <div class="auth-methods">
           <div class="passkey-method">
             <h3>{$_('oauthDelegation.signInWithPasskey')}</h3>
-            <button
-              type="button"
-              class="passkey-btn"
-              onclick={handlePasskeyLogin}
-              disabled={submitting}
-            >
+            <button type="button" class="passkey-btn" onclick={handlePasskeyLogin} disabled={submitting}>
               <svg class="passkey-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
                 <path d="M15 7a4 4 0 1 0-8 0 4 4 0 0 0 8 0z" />
                 <path d="M17 17v4l3-2-3-2z" />
@@ -378,14 +395,7 @@
           <div class="password-method">
             <h3>{$_('oauthDelegation.password')}</h3>
             <div class="field">
-              <input
-                type="password"
-                bind:value={password}
-                disabled={submitting}
-                required
-                autocomplete="current-password"
-                placeholder={$_('oauthDelegation.enterPassword')}
-              />
+              <input type="password" bind:value={password} disabled={submitting} required autocomplete="current-password" placeholder={$_('oauthDelegation.enterPassword')} />
             </div>
 
             <label class="remember-device">
@@ -401,14 +411,7 @@
       {:else}
         <div class="field">
           <label for="password">{$_('oauthDelegation.password')}</label>
-          <input
-            id="password"
-            type="password"
-            bind:value={password}
-            disabled={submitting}
-            required
-            autocomplete="current-password"
-          />
+          <input id="password" type="password" bind:value={password} disabled={submitting} required autocomplete="current-password" />
         </div>
 
         <label class="remember-device">
@@ -584,8 +587,8 @@
     font-weight: var(--font-medium);
   }
 
-  input[type="password"],
-  input[type="text"] {
+  input[type='password'],
+  input[type='text'] {
     padding: var(--space-3);
     border: 1px solid var(--border-color);
     border-radius: var(--radius-md);
@@ -677,7 +680,9 @@
     border-radius: var(--radius-md);
     font-size: var(--text-base);
     cursor: pointer;
-    transition: background-color var(--transition-fast), border-color var(--transition-fast);
+    transition:
+      background-color var(--transition-fast),
+      border-color var(--transition-fast);
   }
 
   .passkey-btn:hover:not(:disabled) {
diff --git a/frontend/src/routes/OAuthLogin.svelte b/frontend/src/routes/OAuthLogin.svelte
index 2f954a1..924e43c 100644
--- a/frontend/src/routes/OAuthLogin.svelte
+++ b/frontend/src/routes/OAuthLogin.svelte
@@ -1,11 +1,7 @@
 <script lang="ts">
   import { navigate, routes, getFullUrl } from '../lib/router.svelte'
   import { _ } from '../lib/i18n'
-  import {
-    prepareRequestOptions,
-    serializeAssertionResponse,
-    type WebAuthnRequestOptionsResponse,
-  } from '../lib/webauthn'
+  import { prepareRequestOptions, serializeAssertionResponse, type WebAuthnRequestOptionsResponse } from '../lib/webauthn'
 
   let username = $state('')
   let password = $state('')
@@ -53,7 +49,7 @@
 
     try {
       const response = await fetch(`/oauth/authorize?request_uri=${encodeURIComponent(requestUri)}`, {
-        headers: { 'Accept': 'application/json' }
+        headers: { Accept: 'application/json' }
       })
       if (response.ok) {
         const data = await response.json()
@@ -100,7 +96,9 @@
         if (!hasPassword && !hasPasskeys && isDelegated && data.did) {
           const requestUri = getRequestUri()
           if (requestUri) {
-            navigate(routes.oauthDelegation, { params: { request_uri: requestUri, delegated_did: data.did } })
+            navigate(routes.oauthDelegation, {
+              params: { request_uri: requestUri, delegated_did: data.did }
+            })
             return
           }
         }
@@ -115,7 +113,6 @@
     }
   }
 
-
   async function handlePasskeyLogin() {
     const requestUri = getRequestUri()
     if (!requestUri || !username) {
@@ -131,7 +128,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -149,9 +146,9 @@
       const { options } = await startResponse.json()
       const publicKeyOptions = prepareRequestOptions(options as WebAuthnRequestOptionsResponse)
 
-      const credential = await navigator.credentials.get({
+      const credential = (await navigator.credentials.get({
         publicKey: publicKeyOptions
-      }) as PublicKeyCredential | null
+      })) as PublicKeyCredential | null
 
       if (!credential) {
         error = $_('common.error')
@@ -165,7 +162,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -187,12 +184,19 @@
       }
 
       if (data.needs_2fa) {
-        navigate(routes.oauth2fa, { params: { request_uri: requestUri, channel: data.channel || '' } })
+        navigate(routes.oauth2fa, {
+          params: { request_uri: requestUri, channel: data.channel || '' }
+        })
         return
       }
 
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
         return
       }
 
@@ -225,7 +229,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -249,12 +253,19 @@
       }
 
       if (data.needs_2fa) {
-        navigate(routes.oauth2fa, { params: { request_uri: requestUri, channel: data.channel || '' } })
+        navigate(routes.oauth2fa, {
+          params: { request_uri: requestUri, channel: data.channel || '' }
+        })
         return
       }
 
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
         return
       }
 
@@ -279,7 +290,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({ request_uri: requestUri })
       })
@@ -287,6 +298,11 @@
       const data = await response.json()
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
       }
     } catch {
       window.history.back()
@@ -313,15 +329,7 @@
   <form onsubmit={handleSubmit}>
     <div class="field">
       <label for="username">{$_('register.handle')}</label>
-      <input
-        id="username"
-        type="text"
-        bind:value={username}
-        placeholder={$_('register.emailPlaceholder')}
-        disabled={submitting}
-        required
-        autocomplete="username"
-      />
+      <input id="username" type="text" bind:value={username} placeholder={$_('register.emailPlaceholder')} disabled={submitting} required autocomplete="username" />
     </div>
 
     {#if passkeySupported && username.length >= 3}
@@ -334,7 +342,11 @@
             class:passkey-unavailable={!hasPasskeys || checkingSecurityStatus || !securityStatusChecked}
             onclick={handlePasskeyLogin}
             disabled={submitting || !hasPasskeys || !username || checkingSecurityStatus || !securityStatusChecked}
-            title={checkingSecurityStatus ? $_('oauth.login.passkeyHintChecking') : hasPasskeys ? $_('oauth.login.passkeyHintAvailable') : $_('oauth.login.passkeyHintNotAvailable')}
+            title={checkingSecurityStatus
+              ? $_('oauth.login.passkeyHintChecking')
+              : hasPasskeys
+                ? $_('oauth.login.passkeyHintAvailable')
+                : $_('oauth.login.passkeyHintNotAvailable')}
           >
             <svg class="passkey-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
               <path d="M15 7a4 4 0 1 0-8 0 4 4 0 0 0 8 0z" />
@@ -393,14 +405,7 @@
     {:else}
       <div class="field">
         <label for="password">{$_('oauth.login.password')}</label>
-        <input
-          id="password"
-          type="password"
-          bind:value={password}
-          disabled={submitting}
-          required
-          autocomplete="current-password"
-        />
+        <input id="password" type="password" bind:value={password} disabled={submitting} required autocomplete="current-password" />
       </div>
 
       <label class="remember-device">
@@ -420,7 +425,9 @@
   </form>
 
   <p class="help-links">
-    <a href={getFullUrl(routes.resetPassword)}>{$_('login.forgotPassword')}</a> &middot; <a href={getFullUrl(routes.requestPasskeyRecovery)}>{$_('login.lostPasskey')}</a>
+    <a href={getFullUrl(routes.resetPassword)}>{$_('login.forgotPassword')}</a>
+    &middot;
+    <a href={getFullUrl(routes.requestPasskeyRecovery)}>{$_('login.lostPasskey')}</a>
   </p>
 </div>
 
@@ -560,8 +567,8 @@
     font-weight: var(--font-medium);
   }
 
-  input[type="text"],
-  input[type="password"] {
+  input[type='text'],
+  input[type='password'] {
     padding: var(--space-3);
     border: 1px solid var(--border-color);
     border-radius: var(--radius-md);
@@ -640,7 +647,6 @@
     background: var(--accent-hover);
   }
 
-
   .passkey-btn {
     display: flex;
     align-items: center;
@@ -654,7 +660,10 @@
     border-radius: var(--radius-md);
     font-size: var(--text-base);
     cursor: pointer;
-    transition: background-color var(--transition-fast), border-color var(--transition-fast), opacity var(--transition-fast);
+    transition:
+      background-color var(--transition-fast),
+      border-color var(--transition-fast),
+      opacity var(--transition-fast);
   }
 
   .passkey-btn:hover:not(:disabled) {
diff --git a/frontend/src/routes/OAuthPasskey.svelte b/frontend/src/routes/OAuthPasskey.svelte
index 88281a0..afdb925 100644
--- a/frontend/src/routes/OAuthPasskey.svelte
+++ b/frontend/src/routes/OAuthPasskey.svelte
@@ -4,7 +4,7 @@
   import {
     prepareRequestOptions,
     serializeAssertionResponse,
-    type WebAuthnRequestOptionsResponse,
+    type WebAuthnRequestOptionsResponse
   } from '../lib/webauthn'
 
   let loading = $state(false)
@@ -37,7 +37,7 @@
       const startResponse = await fetch(`/oauth/authorize/passkey?request_uri=${encodeURIComponent(requestUri)}`, {
         method: 'GET',
         headers: {
-          'Accept': 'application/json'
+          Accept: 'application/json'
         }
       })
 
@@ -67,7 +67,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -85,6 +85,11 @@
 
       if (finishData.redirect_uri) {
         window.location.href = finishData.redirect_uri
+        const a = document.createElement('a')
+        a.href = finishData.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
         return
       }
 
diff --git a/frontend/src/routes/OAuthTotp.svelte b/frontend/src/routes/OAuthTotp.svelte
index fe0b632..ab5236f 100644
--- a/frontend/src/routes/OAuthTotp.svelte
+++ b/frontend/src/routes/OAuthTotp.svelte
@@ -28,7 +28,7 @@
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
-          'Accept': 'application/json'
+          Accept: 'application/json'
         },
         body: JSON.stringify({
           request_uri: requestUri,
@@ -47,6 +47,11 @@
 
       if (data.redirect_uri) {
         window.location.href = data.redirect_uri
+        const a = document.createElement('a')
+        a.href = data.redirect_uri
+        a.style.display = 'none'
+        document.body.appendChild(a)
+        a.click()
         return
       }
 
@@ -108,11 +113,7 @@
     </div>
 
     <label class="trust-device-label">
-      <input
-        type="checkbox"
-        bind:checked={trustDevice}
-        disabled={submitting}
-      />
+      <input type="checkbox" bind:checked={trustDevice} disabled={submitting} />
       <span>{$_('oauth.totp.trustDevice')}</span>
     </label>
 
@@ -245,7 +246,7 @@
     margin-top: var(--space-2);
   }
 
-  .trust-device-label input[type="checkbox"] {
+  .trust-device-label input[type='checkbox'] {
     width: auto;
     margin: 0;
   }