Wrong redirect after authentication when PUSH transport is WEBSOCKET

Description of the bug

When the Vaadin application is configured with VaadinWebSecurity, OAUTH2 and WEBSOCKET PUSH transport, the URL stored for redirection after successful login is incorrect; it points to the PUSH mapping instead of the requested page. For example, when navigating to a protected route /, the browser is redirected to the login page, but the stored URL is http://localhost:8080/VAADIN/push instead of http://localhost:8080/. After entering correct credentials, the browser is redirected to /VAADIN/push, resulting in a 404 error page.

Expected behavior

After successful login, the original request page should be shown. In the example above, the browser should be redirected to http://localhost:8080/.

Minimal reproducible example

Setup a keycloak instance
Configure Spring Security to integrate with Keycloak

Configure OAUHT2 in VaadinWebSecurity

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(auth ->
            auth
                    .requestMatchers(antMatchers("/error")).permitAll()
    );
    super.configure(http);
    setOAuth2LoginPage(http, "/oauth2/authorization/keycloak");
    OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
    logoutSuccessHandler.setRedirectStrategy(new UidlRedirectStrategy());
    http.logout(cfg -> cfg.logoutSuccessHandler(logoutSuccessHandler));
}

Add @Push(transport = Transport.WEBSOCKET) to AppShellConfigurator implementor
Create a protected view, e.g. annotating it with @PermitAll
Start the application and access the protected view; after being redirected to the IDP login page enter user credential.
Verify that the browser is redirected to /VAADIN/push instead of the protected view.

Versions

Vaadin / Flow version: 24.5 (most likely also older versions)
Java version: 21
OS version: Linux

vaadin / flow