Description
Describe the bug
When logging in for the first time, there is a confirmation dialog about importing data (which is fully translated), followed by a second dialog asking to allow access to the account (which is only partially translated and uses the domain name "element.example.com" rather than the brand name).
When logging in for the second time, there is a confirmation dialog about allowing access to the account (which is fully translated and uses the brand name, e.g. "Example Chat"), followed by a second dialog asking to allow access to the account (which is only partially translated and uses the domain name "element.example.com" rather than the brand name).
To Reproduce
Steps to reproduce the behavior:
- Go to element.example.com, get redirected to the configured OpenID authentication service
- Enter credentials and validate
- Browser gets redirected to mas.example.com/upstream/link/… (screenshot first connection-A)
- Click "Créer un compte" (create account)
- Browser gets redirected to mas.example.com/complete-compat-sso/… (screenshot first connection-B, partially translated, uses "element.example.com" rather than brand name)
- Click "Continuer"
- Browser gets redirected to element.example.com and I'm now logged in
If I log out and then try to log back in, the second (and every future) login gives the following behaviour instead:
- Log out
- Go to element.example.com, get redirected to the configured OpenID authentication service
- Enter credentials and validate
- Browser gets redirected to mas.example.com/consent/… (screenshot reconnection-A, fully translated, uses brand name)
- Click "Continuer"
- Browser gets redirected to mas.example.com/complete-compat-sso/… (screenshot reconnection-B, partially translated, uses "element.example.com" rather than brand name)
- Click "Continuer"
- Browser gets redirected to element.example.com and I'm now logged in
Expected behavior
On first login, only the dialog depicted in screenshot "first connection-A" should be shown. On second and later logins, only the dialog depicted in screenshot "reconnection-A" should be shown.
Whether to show the domain "element.example.com" or the brand name is a user-friendliness / security tradeoff (a phishing attempt could provide a correct brand name which would make the attempt harder to notice, but the domain name is less readable to most casual users). If both are displayed, they should be displayed in a single dialog, not two separate dialogs.
It is also desirable to have a whitelist of domains for which the confirmation dialogs should be entirely hidden: in our setup, element.example.com is configured to immediately redirect logged-out users to mas.example.com, which immediately redirects to openid-provider.example.com, which redirects back to mas.example.com, which redirects back to element.example.com. It is only possible to log in to that Element Web instance using openid-provider.example.com, both under the control of the same organization, so asking for confirmation of the login is redundant and makes the onboarding process needlessly confusing for new users.
Screenshots
Desktop (please complete the following information):
- OS: Debian 12
- Browser: Firefox
- Version: 140.5.0 esr



