chore: promote dev→uat for GRO-1592 SSO session cookie fix

- Fixed frontend auth client baseURL fallback to use window.location.origin - Added UAT test coverage (TC-AUTH-5.3.4) Co-Authored-By: Paperclip <noreply@paperclip.ing>
Merge pull request 'fix(GRO-1592): fallback auth baseURL to window.location.origin' (#15 ) from fix/gro-1592-sso-session-cookie into dev
2026-05-23 14:13:12 +00:00 · 2026-05-23 14:13:01 +00:00 · 2026-05-23 14:02:16 +00:00 · 2026-05-23 13:57:47 +00:00 · 2026-05-21 19:46:41 +00:00 · 2026-05-20 15:26:27 +00:00
2 changed files with 2 additions and 1 deletions
@@ -69,6 +69,7 @@ export const { signIn, signOut, useSession, changePassword } = authClient;
 | TC-AUTH-5.3.1 | Auth client falls back to window.location.origin | Do not set `VITE_API_URL`, load app | Auth client uses `window.location.origin` as base URL |
 | TC-AUTH-5.3.2 | Sign-in on localhost | Load app without `VITE_API_URL` on localhost:3000 | Auth client uses `http://localhost:3000` as base URL |
 | TC-AUTH-5.3.3 | Sign-in on dev environment | Load app without `VITE_API_URL` on `https://dev.groombook.dev` | Auth client uses `https://dev.groombook.dev` as base URL |
+| TC-AUTH-5.3.4 | SSO cookie set after Authentik callback (GRO-1592) | Complete Authentik SSO login on UAT without `VITE_API_URL` set | `__Secure-better-auth.session_token` cookie is present in browser; subsequent `/api/*` calls include the cookie and return 200 |

 ### 5.4 Session Persistence

@@ -1,7 +1,7 @@
 import { createAuthClient } from "better-auth/react";

 export const authClient = createAuthClient({
-  baseURL: import.meta.env.VITE_API_URL ?? "",
+  baseURL: import.meta.env.VITE_API_URL || (typeof window !== "undefined" ? window.location.origin : ""),
 });

 export const { signIn, signOut, useSession, changePassword } = authClient;
Author	SHA1	Message	Date
Chris Farhood	93da2f1dd8	chore: promote dev→uat for GRO-1592 SSO session cookie fix CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Test (pull_request) Successful in 18s Details CI / Build & Push Docker Image (pull_request) Failing after 41s Details - Fixed frontend auth client baseURL fallback to use window.location.origin - Added UAT test coverage (TC-AUTH-5.3.4) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 14:13:12 +00:00
The Dogfather	80101fc37c	Merge pull request 'fix(GRO-1592): fallback auth baseURL to window.location.origin' (#15 ) from fix/gro-1592-sso-session-cookie into dev CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Image (push) Failing after 39s Details	2026-05-23 14:13:01 +00:00
Flea Flicker	8ee58471b2	docs(UAT_PLAYBOOK): add TC-AUTH-5.3.4 — SSO cookie after Authentik callback CI / Test (pull_request) Successful in 14s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Image (pull_request) Failing after 38s Details Documents the acceptance criteria for GRO-1592: after completing Authentik SSO login without VITE_API_URL set, the __Secure-better-auth.session_token cookie must be present in the browser and sent with subsequent /api/* calls. Updated: UAT_PLAYBOOK.md §5.3 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 14:02:16 +00:00
Flea Flicker	35d31a984d	fix(GRO-1592): fallback auth baseURL to window.location.origin CI / Test (pull_request) Successful in 18s Details CI / Lint & Typecheck (pull_request) Successful in 19s Details CI / Build & Push Docker Image (pull_request) Failing after 38s Details When VITE_API_URL is not set (e.g. in Docker/container deployments where the env var was never injected), fallback to window.location.origin so the auth client uses relative URLs and cookies are sent to the correct origin. Previously the fallback was empty string "", which caused the auth client to default to http://localhost:3000 — the nginx sub_filter workaround only handles strings baked into the JS bundle at build time, not runtime-constructed URLs. Fixes: SSO session cookie not set in browser after Authentik callback Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 13:57:47 +00:00
The Dogfather	62cbfe4e43	Merge pull request 'promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence)' (#14 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Image (push) Successful in 9s Details promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence) (#14) Merged-By: The Dogfather (CTO) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 19:46:41 +00:00
Scrubs McBarkley	f70dd96c65	Merge pull request 'feat: extract groombook/web from monorepo (GRO-903)' (#1 ) from dev into main CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Image (push) Successful in 14s Details feat: extract groombook/web from monorepo (GRO-903) Bootstrap exception: dev → main QA: Lint Roller (#2753) CTO: The Dogfather (#2764) CI: Lint & Typecheck ✓, Tests ✓, Docker Build ✓ UAT_PLAYBOOK.md: present	2026-05-20 15:26:27 +00:00
The Dogfather	db6a2a1bbf	Merge pull request 'promote: dev → uat (Renovate config, GRO-1081)' (#11 ) from dev into uat promote: dev → uat (Renovate config, GRO-1081) Merge PR #11: dev → uat promotion Includes: chore: add Renovate config (GRO-1081)	2026-05-20 12:42:04 +00:00
The Dogfather	032a3796ba	Merge pull request 'chore: promote dev to uat (CI Docker registry fix)' (#10 ) from dev into uat chore: promote dev to uat (CI Docker registry fix) (#10) Promotes GRO-1348 CI registry fix to UAT.	2026-05-20 11:17:21 +00:00
the-dogfather-cto[bot]	cac8fc947e	chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md	2026-05-14 21:13:56 +00:00
the-dogfather-cto[bot]	592be1301c	chore: promote dev to uat (#3 ) chore: promote dev to uat	2026-05-11 13:19:33 +00:00