fix error preventing user from logging in

[grmbyrn]

Summary by CodeRabbit

• Bug Fixes

  • Corrected GitHub authentication callback redirect handling to ensure users are properly directed after sign-in.
  • Enhanced OAuth callback processing to sanitize request parameters and improve callback flow reliability.

• Chores

  • Implemented environment-aware debug logging for authentication, active in development builds only.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
worklog	Ready	Preview, Comment	Apr 10, 2026 1:51pm

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

NextAuth configuration updated to use callbackUrl instead of redirectTo in the login page, environment-aware debug mode enabled in auth options, and middleware enhanced to intercept GitHub callback routes and conditionally strip the iss query parameter before proceeding.

Changes

Cohort / File(s)	Summary
NextAuth Configuration app/login/page.tsx, auth.ts	Updated GitHub sign-in to use callbackUrl parameter and added conditional debug flag based on Node environment.
Middleware Enhancement middleware.ts	Converted middleware to intercept /api/auth/callback/github route, clones request, and conditionally removes iss query parameter before delegating to auth handler.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Middleware
    participant AuthHandler
    participant Callback

    Client->>Middleware: GET /api/auth/callback/github?code=...&iss=...
    alt iss parameter present
        Middleware->>Middleware: Clone request & remove iss param
        Middleware->>AuthHandler: auth(cloned request)
        AuthHandler->>Callback: Process callback
        Callback-->>Client: Redirect to /dashboard
    else iss parameter absent
        Middleware->>AuthHandler: auth(original request)
        AuthHandler->>Callback: Process callback
        Callback-->>Client: Redirect to /dashboard
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A callback hops through the middleware's door,
The iss parameter stripped clean to the floor,
With callbackUrl guiding the way back home,
Debug flags configured, through dev lands we roam! 🌙

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main objective of the pull request—fixing a login error—which aligns with the actual changes made to auth configuration and middleware handling.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/auth-debugging

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}