Skip to content

Fix P7b: Continue with Google sign in + OAuth org bootstrap#112

Open
bmoss2015 wants to merge 2 commits into
feat/signup-pagefrom
feat/google-signin-auth
Open

Fix P7b: Continue with Google sign in + OAuth org bootstrap#112
bmoss2015 wants to merge 2 commits into
feat/signup-pagefrom
feat/google-signin-auth

Conversation

@bmoss2015

Copy link
Copy Markdown
Owner

Summary

Adds Supabase Google OAuth as a second sign-in / sign-up path alongside email-password.

  • startGoogleSignIn() server action wraps sb.auth.signInWithOAuth({ provider: 'google' }) with skipBrowserRedirect=true so we return the URL and the client navigates. Surfaces a clear error string if Google isn't enabled in Supabase Auth.
  • New shared GoogleSignInButton + OrDivider component used on both /login and /signup above the password form.
  • /auth/callback: after the PKCE exchange (or OTP verification), check whether the just-signed-in user has a profile. OAuth-created users don't pass org_id metadata so the existing handle_new_user trigger never fires for them. Without this bootstrap they'd land in the portal with no org and every RLS query would return empty. Now mints a fresh org named ${name}'s Workspace and links an admin profile (idempotent).

Base branch is feat/signup-page (PR #106). Merge that first.

Required to actually work

  • Enable Google as an Auth provider in the Supabase dashboard for staging AND prod (Authentication > Providers > Google). Drop in the OAuth client ID + secret from the Google Cloud console.
  • Authorized redirect URI in Google Cloud must be the Supabase project URL + /auth/v1/callback. Supabase shows the exact URL when you toggle the provider on.

Verify on preview

After PR #106 merges and Google is enabled in Supabase Auth:

  1. Open <preview>/login while signed out, click Continue with Google
  2. Complete consent, land at / with a new org auto-created
  3. Open <preview>/signup while signed out, confirm the Sign up with Google button works the same way
  4. Repeat sign in (don't sign out) to verify no duplicate org is created

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

Adds Supabase Google OAuth as a second sign-in / sign-up path
alongside email-password.

- src/app/(auth)/_actions.ts: new startGoogleSignIn() server action
  wraps sb.auth.signInWithOAuth({ provider: 'google' }) with
  skipBrowserRedirect=true so we return the URL and let the client
  navigate. Surfaces a clear error if Google isn't enabled in the
  Supabase Auth dashboard.
- src/app/(auth)/_components/GoogleSignInButton.tsx: shared button +
  divider component used on both auth pages.
- src/app/(auth)/login/page.tsx, signup/page.tsx: Continue with
  Google button + or-divider above the email/password form.
- src/app/auth/callback/route.ts: after the PKCE exchange (or OTP
  verification), check whether the just-signed-in user has a
  profile. OAuth-created users don't pass org_id metadata so the
  existing handle_new_user trigger never fires for them — without
  the bootstrap they'd land in the portal with no org and every RLS
  query would return empty. Now we mint a fresh org named
  '${name}'s Workspace' and link an admin profile, idempotent on
  re-entry.

Required to actually work
- Enable Google as an Auth provider in the Supabase dashboard for
  staging AND prod (Authentication > Providers > Google). Drop in
  the OAuth client ID + secret from the Google Cloud console.
- Authorized redirect URI in Google Cloud must be the Supabase
  project URL + /auth/v1/callback (Supabase shows the exact URL
  when you toggle the provider on).

Base branch is feat/signup-page (PR #106). Merge that first.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@supabase

supabase Bot commented Jun 15, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project rsdmyydyhqgkkvwlklif because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@vercel

vercel Bot commented Jun 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
moss-equity-portal Ready Ready Preview, Comment Jun 15, 2026 6:48pm

Request Review

…le-signin-auth

# Conflicts:
#	src/app/(auth)/login/page.tsx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant