Merge pull request #940 from vinu-deriv/fix-oidc-csrf-issue

Fix OIDC csrf issue

Author: nijil-deriv

src/javascript/_common/auth.js

@@ -146,7 +146,7 @@ export const requestSingleSignOn = async () => {
 
         const hasMissingToken = Object.values(clientAccounts).some((account) => {
             // Check if current account is missing token
-            if (!account?.token) {
+            if (!account?.token && !account?.is_disabled !== 1) {
                 return true; // No linked accounts and no token
             }
             return false;
@@ -156,8 +156,7 @@ export const requestSingleSignOn = async () => {
           isLoggedInCookie &&
           !isCallbackPage &&
           !isEndpointPage &&
-          (!isClientAccountsPopulated ||
-            (isClientAccountsPopulated && hasMissingToken)) &&
+          (!isClientAccountsPopulated || hasMissingToken) &&
           isAuthEnabled;
 
         if (shouldRequestSignOn) {