fix(auth): support OAuth callbacks with hash router (Fixes #9)

2026-02-08 08:42:00 +00:00 · 2026-02-08 08:42:00 +00:00 · fee44fa1b2
commit fee44fa1b2
parent 9f1de03175
3 changed files with 59 additions and 1 deletions
--- a/apps/user/public/oauth/google/index.html
+++ b/apps/user/public/oauth/google/index.html
@ -0,0 +1,28 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>OAuth Redirect</title>
+    <meta http-equiv="refresh" content="0; url=/#/auth" />
+    <script>
+      (function () {
+        try {
+          // Providers redirect to a path without URL fragments (#). Our app uses hash routing.
+          // Bridge /oauth/<provider>[/]?... -> /#/oauth/<provider>?...
+          var path = window.location.pathname || "/";
+          // Normalize trailing slash so /oauth/google/ and /oauth/google both map to the same route.
+          path = path.replace(/\/$/, "");
+          var search = window.location.search || "";
+          var target = "/#" + path + search;
+          window.location.replace(target);
+        } catch (e) {
+          window.location.replace("/#/auth");
+        }
+      })();
+    </script>
+  </head>
+  <body>
+    Redirecting…
+  </body>
+</html>
--- a/apps/user/public/oauth/telegram/index.html
+++ b/apps/user/public/oauth/telegram/index.html
@ -0,0 +1,27 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>OAuth Redirect</title>
+    <meta http-equiv="refresh" content="0; url=/#/auth" />
+    <script>
+      (function () {
+        try {
+          // Providers redirect to a path without URL fragments (#). Our app uses hash routing.
+          // Bridge /oauth/<provider>[/]?... -> /#/oauth/<provider>?...
+          var path = window.location.pathname || "/";
+          path = path.replace(/\/$/, "");
+          var search = window.location.search || "";
+          var target = "/#" + path + search;
+          window.location.replace(target);
+        } catch (e) {
+          window.location.replace("/#/auth");
+        }
+      })();
+    </script>
+  </head>
+  <body>
+    Redirecting…
+  </body>
+</html>
--- a/apps/user/src/sections/auth/oauth-methods.tsx
+++ b/apps/user/src/sections/auth/oauth-methods.tsx
@ -35,7 +35,10 @@ export function OAuthMethods() {
              onClick={async () => {
                const { data } = await oAuthLogin({
                  method,
-                  redirect: `${window.location.origin}/oauth/${method}`,
+                  // OAuth providers disallow URL fragments (#) in redirect URIs.
+                  // Use a real path (with trailing slash so static hosting can serve /oauth/<provider>/index.html)
+                  // which then bridges into our hash-router at /#/oauth/<provider>.
+                  redirect: `${window.location.origin}/oauth/${method}/`,
                });
                if (data.data?.redirect) {
                  window.location.href = data.data?.redirect;