Skip to content

draft: check redirect url #1021

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
alexdln wants to merge 4 commits into from
Closed

draft: check redirect url #1021

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5c11dbc
draft: check redirect url
alexdln Feb 5, 2026
b2e167e
draft: check api route
alexdln Feb 5, 2026
62e4056
draft: check auth state
alexdln Feb 5, 2026
98df155
draft: check client metadata
alexdln Feb 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion server/api/auth/atproto.get.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ export default defineEventHandler(async event => {
scope,
prompt: create ? 'create' : undefined,
})
return sendRedirect(event, redirectUrl.toString())
return redirectUrl
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Feb 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Returning redirectUrl breaks the OAuth authorization flow.

OAuth requires the browser to be redirected to the authorization server. Returning the URL object directly causes it to be serialised as JSON, which prevents the redirect from occurring and breaks authentication.

If this is intentional for debugging the redirect URL in Vercel, consider logging the URL before performing the redirect instead:

🐛 Suggested fix to preserve OAuth flow whilst enabling debugging 
       const redirectUrl = await atclient.authorize(handle, {
         scope,
         prompt: create ? 'create' : undefined,
       })
-      return redirectUrl
+      console.log('[OAuth Debug] Redirect URL:', redirectUrl.toString())
+      return sendRedirect(event, redirectUrl.toString())
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
return redirectUrl
console.log('[OAuth Debug] Redirect URL:', redirectUrl.toString())
return sendRedirect(event, redirectUrl.toString())

} catch (error) {
const message = error instanceof Error ? error.message : 'Authentication failed.'

Expand Down
Loading