From dce592c08628a1e6fd54dd2198a6bceae67e6b9a Mon Sep 17 00:00:00 2001
From: Daniel Rosel
Date: Fri, 3 Apr 2026 19:15:37 +0200
Subject: [PATCH] redirect using public base url
---
 apps/webapp/src/app/api/auth/callback/route.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/apps/webapp/src/app/api/auth/callback/route.ts b/apps/webapp/src/app/api/auth/callback/route.ts
index 92f8715..bcef7ab 100644
--- a/apps/webapp/src/app/api/auth/callback/route.ts
+++ b/apps/webapp/src/app/api/auth/callback/route.ts
@@ -19,12 +19,13 @@ export async function GET(req: NextRequest) {
 const issuerRaw = process.env.AUTHENTIK_ISSUER;
 const clientId = process.env.AUTHENTIK_CLIENT_ID;
 const clientSecret = process.env.AUTHENTIK_CLIENT_SECRET;
- const redirectUri = `${process.env.NEXT_PUBLIC_BASE_URL ?? origin}/api/auth/callback`;
+ const publicBase = process.env.NEXT_PUBLIC_BASE_URL ?? origin;
+ const redirectUri = `${publicBase}/api/auth/callback`;
 const authentikHost = authentikBase(issuerRaw);
 if (!authentikHost || !clientId || !clientSecret) {
- return NextResponse.redirect(`${origin}/login?error=oidc_not_configured`);
+ return NextResponse.redirect(`${publicBase}/login?error=oidc_not_configured`);
 }
 const tokenRes = await fetch(`${authentikHost}/application/o/token/`, {
@@ -39,7 +40,7 @@ export async function GET(req: NextRequest) {
 if (!tokenRes?.ok) return NextResponse.redirect(`${origin}/login?error=token_exchange`);
 const tokens = await tokenRes.json();
- const res = NextResponse.redirect(`${origin}/dashboard`);
+ const res = NextResponse.redirect(`${publicBase}/dashboard`);
 res.cookies.set('oidc_token', tokens.access_token, { httpOnly: true, sameSite: 'lax', path: '/', maxAge: tokens.expires_in ?? 3600,
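Review bot: `publicBase` is taken from `NEXT_PUBLIC_BASE_URL` verbatim, so an empty or trailing-slash value now flows into `redirectUri` and into every redirect built from it. `??` falls back only on null/undefined, so an empty string gives a relative redirect target, and a trailing slash gives `//api/auth/callback`, which will not match the redirect URI registered with the provider. Normalising once would avoid both: `const publicBase = (process.env.NEXT_PUBLIC_BASE_URL || origin).replace(/\/+$/, '');`. `origin` is defined outside this hunk; if it is derived from the incoming request, it may be worth failing closed in production when the variable is unset rather than trusting a request-supplied host for post-login redirects.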
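Review bot: The token-exchange failure path in the first context line of the second hunk still redirects to `${origin}/login?error=token_exchange`, so behind a proxy that one error case can still send the browser to the internal origin while every other redirect uses `publicBase`. It should read `if (!tokenRes?.ok) return NextResponse.redirect(`${publicBase}/login?error=token_exchange`);`. Separately, `tokens.access_token` is written to the `oidc_token` cookie without checking that the parsed response actually contains a non-empty string, so a malformed 200 response would set a cookie with the value `undefined`. The cookie options visible here do not include `secure`, but the object literal continues past the end of the hunk, so it may be set there.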