fix: Fix redirection logic to always route users to the authn MFE

[subhashree-sahu31]

• Removed conditional checks for enterprise customers, third-party auth hints, and SAML providers.
• Simplified the redirection logic to ensure all users are redirected to the authentication microfrontend (authn MFE) when the toggle is enabled.
• Addressed issues causing incorrect redirection behavior in certain scenarios.

[Copilot]

Pull request overview

This PR simplifies the authentication redirection logic by removing conditional checks that previously prevented certain user types from being redirected to the authentication microfrontend (authn MFE). The change aims to ensure all users are routed to the authn MFE when the feature toggle is enabled.

Changes:

• Removed conditional exclusions for enterprise customers, third-party auth hints, and SAML providers from the authn MFE redirect logic
• Simplified the redirect conditional from a multi-condition check to a single should_redirect_to_authn_microfrontend() call
• Enables authn MFE to handle authentication flows that were previously handled by the legacy login form

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

There's a potential inconsistency in the logic after this change. The PR description states that all users should be redirected to the authn MFE when the toggle is enabled, but the early return at lines 174-183 still prevents users with tpa_hint_provider.skip_hinted_login_dialog=True from being redirected to the authn MFE. They are instead redirected directly to the provider's login URL.

This means the behavior is now:

1. If tpa_hint_provider exists AND skip_hinted_login_dialog is True → redirect to provider's URL (bypass authn MFE)
2. Otherwise → redirect to authn MFE (when toggle is enabled)

Previously, the behavior was:

1. If tpa_hint_provider exists AND skip_hinted_login_dialog is True → redirect to provider's URL
2. If tpa_hint_provider exists (but skip_hinted_login_dialog is False) → do NOT redirect to authn MFE
3. Otherwise → redirect to authn MFE if enterprise_customer and saml_provider conditions were also met

Verify that this is the intended behavior, particularly for third-party auth providers where skip_hinted_login_dialog is False.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (1)

openedx/core/djangoapps/user_authn/views/login_form.py:209

• With the redirect condition now unconditional, this if should_redirect_to_authn_microfrontend() runs after work that becomes wasted on the redirect path (e.g., _get_form_descriptions, enterprise lookup, and third-party auth hint parsing). Consider moving this redirect block earlier (right after computing redirect_to / initial_mode) so MFE-enabled requests avoid unnecessary API/DB calls and latency.

    if should_redirect_to_authn_microfrontend():

        # This is to handle a case where a logged-in cookie is not present but the user is authenticated.
        # Note: If we don't handle this learner is redirected to authn MFE and then back to dashboard
        # instead of the desired redirect URL (e.g. finish_auth) resulting in learners not enrolling

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

saml_provider/running_pipeline are now computed only for the removed redirect guard and are unused when the condition is just should_redirect_to_authn_microfrontend(). This leaves dead code and an outdated comment block above; please remove the SAML detection block (and update/remove the comment describing the old conditions) to keep the flow accurate and maintainable.

[ferdis]

do not merge