Fix SSO redirect URI to single registered URL, restore page after login

Instead of registering each page as a redirect URI in Azure AD, always
redirect to the registered /loreal-sla-calculator/ URL. Before initiating
the redirect, save the originating page in sessionStorage and navigate
back after the token exchange completes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

auth.js

@@ -6,7 +6,7 @@ const msalConfig = {
   auth: {
     clientId:    '9079054c-9620-4757-a256-23413042f1ef',
     authority:   'https://login.microsoftonline.com/e519c2e6-bc6d-4fdf-8d9c-923c2f002385',
-    redirectUri: window.location.origin + window.location.pathname,
+    redirectUri: window.location.origin + '/loreal-sla-calculator/',
   },
   cache: {
     cacheLocation:         'sessionStorage',
@@ -69,6 +69,11 @@ async function initAuth() {
 
     if (msalResponse && msalResponse.idToken) {
       await exchangeMsalToken(msalResponse.idToken);
+      const returnUrl = sessionStorage.getItem('sso_return_url');
+      if (returnUrl && returnUrl !== window.location.href) {
+        sessionStorage.removeItem('sso_return_url');
+        window.location.replace(returnUrl);
+      }
       return;
     }
   } catch (e) {
@@ -115,6 +120,7 @@ async function authSsoLogin() {
       const silent = await msalInstance.ssoSilent(loginRequest);
       await exchangeMsalToken(silent.idToken);
     } catch {
+      sessionStorage.setItem('sso_return_url', window.location.href);
       await msalInstance.loginRedirect(loginRequest);
     }
   } catch (e) {