From 99fd62a81fc245bfd78b8a6b6e476765d66c7ce4 Mon Sep 17 00:00:00 2001
From: Yash Kewlani
Date: Sun, 28 Jun 2026 17:37:08 +0530
Subject: [PATCH] fix(auth): always redirect to canonical domain after OAuth, remove dynamic origin dependency

---
 src/app/auth/callback/route.ts | 12 +++++++++---
 src/app/login/login-form.tsx | 6 +++++-
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/app/auth/callback/route.ts b/src/app/auth/callback/route.ts
index 303bedf..56fb951 100644
--- a/src/app/auth/callback/route.ts
+++ b/src/app/auth/callback/route.ts
@@ -2,8 +2,14 @@ import { createServerClient } from "@supabase/ssr";
 import { cookies } from "next/headers";
 import { NextResponse } from "next/server";
 
+// Always redirect to the canonical domain after OAuth so that arriving via
+// any auto-assigned Vercel URL (e.g. studymapp-student-suite.vercel.app)
+// doesn't leave the user stranded on the wrong domain.
+const SITE_URL =
+ process.env.NEXT_PUBLIC_SITE_URL ?? "https://studymapp.vercel.app";
+
 export async function GET(request: Request) {
- const { searchParams, origin } = new URL(request.url);
+ const { searchParams } = new URL(request.url);
 const code = searchParams.get("code");
 const next = searchParams.get("next") ?? "/";
 
@@ -28,9 +34,9 @@ export async function GET(request: Request) {
 const { error } = await supabase.auth.exchangeCodeForSession(code);
 
 if (!error) {
- return NextResponse.redirect(`${origin}${next}`);
+ return NextResponse.redirect(`${SITE_URL}${next}`);
 }
 }
 
- return NextResponse.redirect(`${origin}/login?error=auth_error`);
+ return NextResponse.redirect(`${SITE_URL}/login?error=auth_error`);
 }
diff --git a/src/app/login/login-form.tsx b/src/app/login/login-form.tsx
index 5d75acc..7c7ee53 100644
--- a/src/app/login/login-form.tsx
+++ b/src/app/login/login-form.tsx
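Review bot: `next` is still read straight from the query string and concatenated onto `SITE_URL` with no check that it is a same-site path, so `?next=@evil.com` or `?next=.evil.com` yields a redirect to `https://studymapp.vercel.app@evil.com` / `https://studymapp.vercel.app.evil.com` — an open redirect that replacing `origin` with a fixed base does not close (the same concatenation is used for both redirects later in GET). Resolve the parameter against the canonical base and keep only the path, e.g. `const target = new URL(searchParams.get("next") ?? "/", SITE_URL);` followed by `const next = target.origin === new URL(SITE_URL).origin ? target.pathname + target.search + target.hash : "/";`, which also rejects `//evil.com` and absolute URLs. The fallback literal appears to duplicate `site.url` from `@/lib/site` that the login form now imports; reading `SITE_URL` from that module keeps one source of truth, and trimming a trailing slash from the env value (`.replace(/\/+$/, "")`) avoids emitting `//login` when `NEXT_PUBLIC_SITE_URL` is set with one. GET's body continues outside the hunk.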
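Review bot: The Supabase error from `exchangeCodeForSession` is discarded and nothing is logged server-side before the `/login?error=auth_error` redirect, so a rejected redirect URL, a missing PKCE verifier cookie and a bad code are all indistinguishable in production. Add `console.error("auth callback: exchangeCodeForSession failed", error.message);` inside the failure path before redirecting. Note also that because the callback now always lands on the canonical host, a flow that was started on a non-canonical host (the auto-assigned Vercel URL the commit message mentions) will, if `@supabase/ssr` keeps the PKCE code verifier in a cookie on the originating host as it appears to, fail the exchange here and bounce back to login with this generic error — worth confirming before relying on this redirect to rescue users on the wrong domain. The start of GET is outside this hunk.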
@@ -6,6 +6,7 @@ import { toast } from "sonner";
 import { Loader2 } from "lucide-react";
 import { createClient } from "@/lib/supabase/client";
+import { site } from "@/lib/site";
 import { Button } from "@/components/ui/button";
 import { Input } from "@/components/ui/input";
 import { Label } from "@/components/ui/label";
@@ -50,7 +51,10 @@ export function LoginForm() {
 }
 
 async function handleGoogle() {
- const siteUrl = process.env.NEXT_PUBLIC_SITE_URL ?? window.location.origin;
+ // Use the explicit env var for local dev (http://localhost:3000),
+ // fall back to the hardcoded canonical domain so any auto-assigned
+ // Vercel URL never leaks into the OAuth redirectTo.
+ const siteUrl = process.env.NEXT_PUBLIC_SITE_URL ?? site.url;
 const { error } = await supabase.auth.signInWithOAuth({
 provider: "google",
 options: {
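Review bot: With `site.url` as the unconditional fallback, a developer who has not set `NEXT_PUBLIC_SITE_URL` starts the Google flow on `localhost` but `redirectTo` (outside the hunk) now points at the production callback, where the PKCE verifier that `@supabase/ssr` appears to store in a cookie on the originating host does not exist, so local login fails with the generic `auth_error` instead of a clear message. Keep the production guarantee but preserve local dev with `const siteUrl = process.env.NEXT_PUBLIC_SITE_URL ?? (process.env.NODE_ENV === "development" ? window.location.origin : site.url);`, or fail loudly in development when the variable is missing. The comment's "for local dev" claim also deserves a caveat that `NEXT_PUBLIC_*` values are inlined into the client bundle at build time, so the variable must be present when `next build`/`next dev` runs, not only at request time. handleGoogle's body and the `options` object continue past the end of the hunk.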