From d7da2c0da3bff2d5bcdfa5131e02c453abd22b4d Mon Sep 17 00:00:00 2001
From: "dionisio-bot[bot]"
 <117394943+dionisio-bot[bot]@users.noreply.github.com>
Date: Wed, 17 Sep 2025 14:25:37 +0000
Subject: [PATCH] fix: Iframe authentication (#36962)

Co-authored-by: Yash Rajpal <58601732+yash-rajpal@users.noreply.github.com>
---
 .changeset/green-ants-shop.md                |  5 +++++
 apps/meteor/client/hooks/iframe/useIframe.ts | 20 ++++++++++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)
 create mode 100644 .changeset/green-ants-shop.md

diff --git a/.changeset/green-ants-shop.md b/.changeset/green-ants-shop.md
new file mode 100644
index 00000000000..74a11f9c9e8
--- /dev/null
+++ b/.changeset/green-ants-shop.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': minor
+---
+
+Fixes login using iframe authentication.
diff --git a/apps/meteor/client/hooks/iframe/useIframe.ts b/apps/meteor/client/hooks/iframe/useIframe.ts
index 78677d7c454..64d2b4aa99f 100644
--- a/apps/meteor/client/hooks/iframe/useIframe.ts
+++ b/apps/meteor/client/hooks/iframe/useIframe.ts
@@ -1,5 +1,5 @@
 import { useLoginWithIframe, useLoginWithToken, useSetting } from '@rocket.chat/ui-contexts';
-import { useCallback, useState } from 'react';
+import { useCallback, useEffect, useState } from 'react';
 
 export const useIframe = () => {
 	const [iframeLoginUrl, setIframeLoginUrl] = useState<string | undefined>(undefined);
@@ -12,6 +12,8 @@ export const useIframe = () => {
 	const iframeLogin = useLoginWithIframe();
 	const tokenLogin = useLoginWithToken();
 
+	const enabled = Boolean(iframeEnabled && accountIframeUrl && apiUrl && apiMethod);
+
 	const loginWithToken = useCallback(
 		(tokenData: string | { loginToken: string } | { token: string }, callback?: (error: Error | null | undefined) => void) => {
 			if (typeof tokenData === 'string') {
@@ -31,6 +33,10 @@ export const useIframe = () => {
 
 	const tryLogin = useCallback(
 		async (callback?: (error: Error | null | undefined, result: unknown) => void) => {
+			if (!enabled) {
+				return;
+			}
+
 			let url = accountIframeUrl;
 			let separator = '?';
 			if (url.indexOf('?') > -1) {
@@ -43,9 +49,7 @@ export const useIframe = () => {
 
 			const result = await fetch(apiUrl, {
 				method: apiMethod,
-				headers: {
-					'Content-Type': 'application/json',
-				},
+				headers: undefined,
 				credentials: 'include',
 			});
 
@@ -64,11 +68,15 @@ export const useIframe = () => {
 				callback?.(error, await result.json());
 			});
 		},
-		[apiMethod, apiUrl, accountIframeUrl, loginWithToken],
+		[apiMethod, apiUrl, accountIframeUrl, loginWithToken, enabled],
 	);
 
+	useEffect(() => {
+		tryLogin();
+	}, [tryLogin]);
+
 	return {
-		enabled: Boolean(iframeEnabled && accountIframeUrl && apiUrl && apiMethod),
+		enabled,
 		tryLogin,
 		loginWithToken,
 		iframeLoginUrl,