360b611ae6
Provider-specific paths like /api/auth/signin/keycloak are POST only
in NextAuth v5 — they're the form-submit endpoint with CSRF. A GET
redirect there bounces to /api/auth/error?error=Configuration with
"UnknownAction".
/api/auth/signin (no provider segment) is the GET-accessible page
that lists configured providers. Apps that want one-click Keycloak
should set signInPath to a custom page that calls signIn('keycloak').
Repros against next-auth 5.0.0-beta.31 on Next 16.1.1. Pre-existing
bug in createAuth + createAuthMiddleware + signInRedirect; surfaced
when first user-driven login was attempted against the live CRM.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
27 lines
998 B
TypeScript
27 lines
998 B
TypeScript
/**
|
|
* @gsc/web-kit/auth — client-side auth helpers.
|
|
*
|
|
* Server-side surface (createAuth, requireAuth) lives in
|
|
* `@gsc/web-kit/auth/server`. The split keeps client bundles from
|
|
* pulling in next-auth's server runtime.
|
|
*/
|
|
|
|
export type { SessionUser } from "./types";
|
|
|
|
/**
|
|
* Client-side hard navigation to the sign-in endpoint. Use when a
|
|
* component detects an auth-required action without a session — e.g.
|
|
* a 401 from an API call.
|
|
*
|
|
* Default target matches createAuth's default (`/api/auth/signin/keycloak`).
|
|
*/
|
|
export function signInRedirect(callbackUrl?: string): void {
|
|
if (typeof window === "undefined") return;
|
|
// Match the server-side default. /api/auth/signin/<provider> is POST
|
|
// only in NextAuth v5 — a GET navigation there returns UnknownAction.
|
|
const target = "/api/auth/signin";
|
|
const url = new URL(target, window.location.origin);
|
|
url.searchParams.set("callbackUrl", callbackUrl ?? window.location.pathname);
|
|
window.location.href = url.toString();
|
|
}
|