[GRO-2572] fix: SSO button follows Better Auth redirect URL #91

2026-06-26T12:05:54Z

Flea Flicker commented

2026-06-26 12:05:54 +00:00

Summary

Fixes the dead "Sign in with SSO" button on /login. Better Auth's signIn.social() returns the IdP authorize URL in data.url (with redirect: true) rather than issuing an HTTP 30x. The handler never read data.url, so users stayed on /login with no navigation.

Root cause: handleSocialLogin in LoginPage (App.tsx:41) did not follow result.data.url after calling signIn.social().

Fix:

Read result.data.url and set window.location.href to it on success.
Add early return in the error branch to prevent fall-through.

Files changed

src/App.tsx — handleSocialLogin: follow redirect URL from Better Auth response
src/__tests__/App.test.tsx — GRO-2572 regression test: mocks signIn.social returning data.url and asserts window.location.href is set
UAT_PLAYBOOK.md — §5.4.1 TC-WEB-SSO-2 updated: require fresh/incognito context (stale auth cookie masks the defect, which is how Shedward's PASS occurred despite the broken button)

Test results

All 199 tests pass (15 test files).

UAT Playbook

Updated UAT_PLAYBOOK.md §5.4.1 TC-WEB-SSO-2 — requires running TC from a clean browser context (incognito/private window with no prior auth cookie).

## Summary Fixes the dead "Sign in with SSO" button on `/login`. Better Auth's `signIn.social()` returns the IdP authorize URL in `data.url` (with `redirect: true`) rather than issuing an HTTP 30x. The handler never read `data.url`, so users stayed on `/login` with no navigation. **Root cause:** `handleSocialLogin` in `LoginPage` (App.tsx:41) did not follow `result.data.url` after calling `signIn.social()`. **Fix:** - Read `result.data.url` and set `window.location.href` to it on success. - Add early `return` in the error branch to prevent fall-through. ## Files changed - `src/App.tsx` — `handleSocialLogin`: follow redirect URL from Better Auth response - `src/__tests__/App.test.tsx` — GRO-2572 regression test: mocks `signIn.social` returning `data.url` and asserts `window.location.href` is set - `UAT_PLAYBOOK.md` — §5.4.1 TC-WEB-SSO-2 updated: **require fresh/incognito context** (stale auth cookie masks the defect, which is how Shedward's PASS occurred despite the broken button) ## Test results All 199 tests pass (15 test files). ## UAT Playbook Updated UAT_PLAYBOOK.md §5.4.1 TC-WEB-SSO-2 — requires running TC from a clean browser context (incognito/private window with no prior auth cookie).

Flea Flicker added 1 commit 2026-06-26 12:05:55 +00:00

fix(GRO-2572): follow Better Auth redirect URL from signIn.social response

CI / Test (pull_request) Successful in 20s

Details

CI / Lint & Typecheck (pull_request) Successful in 25s

Details

CI / Build & Push Docker Image (pull_request) Successful in 47s

Details

86f254e939

Better Auth's signIn.social() returns { data: { redirect: true, url } } rather
than issuing an HTTP 30x when using the fetch client. The LoginPage handler
was discarding data.url, so the SSO button appeared to do nothing (the button
disabled but the user never left /login).

Fix: after the social sign-in call, if result.data.url is present, navigate via
window.location.href. Also add an early return in the error branch so the two
paths don't bleed into each other.

Updated UAT_PLAYBOOK.md §5.4.1 TC-WEB-SSO-2 to require a fresh/incognito
context so a stale auth cookie can't mask the regression.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

Flea Flicker merged commit cff37d400d into dev

2026-06-26 12:07:28 +00:00

Flea Flicker referenced this pull request

2026-06-26 12:07:58 +00:00

Promote dev → uat: GRO-2572 SSO redirect fix (#91) #92

Scrubs McBarkley referenced this issue from a commit

2026-06-26 12:20:23 +00:00

Promote dev → uat: GRO-2572 SSO redirect fix (#91) (#92)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: groombook/web#91