fix(web): strip auth search params from URL after callback redirect #4088

Open
devin-ai-integration[bot] wants to merge 1 commit into main from devin/1771484066-fix-auth-callback-search-params

@devin-ai-integration
Contributor

Summary

After OAuth/OTP login, the auth callback URL's query params (code, token_hash, flow, etc.) were leaking into the redirected URL instead of being stripped. This adds explicit search: {} to all throw redirect() calls in the callback route's beforeLoad, and adds replace: true to the component-level navigate() fallback.

Changes:

  • All throw redirect() calls for web flow in beforeLoad now pass search: {} to explicitly clear search params
  • The component's useEffect fallback navigate() now uses replace: true to replace the callback URL in history

Review & Testing Checklist for Human

  • Test the full OAuth flow (Google/GitHub) with flow=web: Log in, go through callback, and verify the final URL at /app/account/ has no leftover code/flow/scheme params. This is the primary bug being fixed and was not tested live.
  • Verify the navigate() fallback also strips params: The useEffect navigate call got replace: true but notably does NOT include search: {} like the beforeLoad redirects do. If the beforeLoad redirect fails to fire (known TanStack Start SSR issue #3462), the component fallback may still leak params. Consider whether search: {} should be added to the navigate call too.
  • Test recovery/password-reset flow: The /update-password/ redirects were also updated — verify password reset via email still works end-to-end.

Notes

Co-Authored-By: Sungbin Jo <goranmoomin@daum.net>
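
Added example (not part of the PR or the hyprnote code base): a small JavaScript model of the two changes described above, usable as a regression check that the post-login URL and the history stack carry no auth params. The function names, the `/callback` path, the origin and the placeholder values are assumptions; the param names and `/app/account/` come from the PR text.

```javascript
// Added example; every name here is hypothetical, not from the hyprnote code base.
// Param names come from the PR text, which ends its list with "etc.".
const AUTH_PARAMS = ["code", "token_hash", "flow", "scheme"];
const BASE = "https://app.example.test"; // constructed origin for relative URLs

// Names of auth-related query params still present in a URL.
function leakedAuthParams(url) {
  const { searchParams } = new URL(url, BASE);
  return AUTH_PARAMS.filter((name) => searchParams.has(name));
}

// Simplified model of the redirect behaviour the PR describes (not TanStack
// Router's implementation): with no `search` option the current params carry
// over; an explicit object, including {}, replaces them.
function redirectTarget(currentUrl, to, opts = {}) {
  const current = new URL(currentUrl, BASE);
  const target = new URL(to, BASE);
  const params =
    opts.search === undefined
      ? current.searchParams
      : new URLSearchParams(opts.search);
  target.search = params.toString();
  return target.pathname + target.search;
}

// Simplified history stack: replace overwrites the current entry, push appends.
function navigate(history, url, opts = {}) {
  if (opts.replace && history.length > 0) history[history.length - 1] = url;
  else history.push(url);
  return history;
}

// History entries that still expose an auth param (empty list means clean).
function auditHistory(history) {
  return history
    .map((url) => ({ url, leaked: leakedAuthParams(url) }))
    .filter((entry) => entry.leaked.length > 0);
}

// Constructed callback URL with placeholder values.
const CALLBACK = "/callback?code=PLACEHOLDER&flow=web&scheme=example";
```

In this model, a navigation with `replace: true` but no `search` removes the callback entry from history yet still yields a target URL carrying the params, which is the gap the second checklist item asks the reviewer to verify.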
@netlify

netlify bot commented Feb 19, 2026

Deploy Preview for hyprnote-storybook canceled.

Name Link
🔨 Latest commit fc4ac68
🔍 Latest deploy log https://app.netlify.com/projects/hyprnote-storybook/deploys/6996b41c6c55ea000828fd25

@netlify

netlify bot commented Feb 19, 2026

Deploy Preview for hyprnote ready!

Name Link
🔨 Latest commit fc4ac68
🔍 Latest deploy log https://app.netlify.com/projects/hyprnote/deploys/6996b41c6c55ea000828fd21
😎 Deploy Preview https://deploy-preview-4088--hyprnote.netlify.app

@devin-ai-integration
Contributor Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR that start with 'DevinAI' or '@devin'.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring
