Fix P7b: Continue with Google sign in + OAuth org bootstrap#112
Open
bmoss2015 wants to merge 2 commits into
Open
Fix P7b: Continue with Google sign in + OAuth org bootstrap#112bmoss2015 wants to merge 2 commits into
bmoss2015 wants to merge 2 commits into
Conversation
Adds Supabase Google OAuth as a second sign-in / sign-up path
alongside email-password.
- src/app/(auth)/_actions.ts: new startGoogleSignIn() server action
wraps sb.auth.signInWithOAuth({ provider: 'google' }) with
skipBrowserRedirect=true so we return the URL and let the client
navigate. Surfaces a clear error if Google isn't enabled in the
Supabase Auth dashboard.
- src/app/(auth)/_components/GoogleSignInButton.tsx: shared button +
divider component used on both auth pages.
- src/app/(auth)/login/page.tsx, signup/page.tsx: Continue with
Google button + or-divider above the email/password form.
- src/app/auth/callback/route.ts: after the PKCE exchange (or OTP
verification), check whether the just-signed-in user has a
profile. OAuth-created users don't pass org_id metadata so the
existing handle_new_user trigger never fires for them — without
the bootstrap they'd land in the portal with no org and every RLS
query would return empty. Now we mint a fresh org named
'${name}'s Workspace' and link an admin profile, idempotent on
re-entry.
Required to actually work
- Enable Google as an Auth provider in the Supabase dashboard for
staging AND prod (Authentication > Providers > Google). Drop in
the OAuth client ID + secret from the Google Cloud console.
- Authorized redirect URI in Google Cloud must be the Supabase
project URL + /auth/v1/callback (Supabase shows the exact URL
when you toggle the provider on).
Base branch is feat/signup-page (PR #106). Merge that first.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…le-signin-auth # Conflicts: # src/app/(auth)/login/page.tsx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds Supabase Google OAuth as a second sign-in / sign-up path alongside email-password.
startGoogleSignIn()server action wrapssb.auth.signInWithOAuth({ provider: 'google' })withskipBrowserRedirect=trueso we return the URL and the client navigates. Surfaces a clear error string if Google isn't enabled in Supabase Auth.GoogleSignInButton+OrDividercomponent used on both/loginand/signupabove the password form./auth/callback: after the PKCE exchange (or OTP verification), check whether the just-signed-in user has a profile. OAuth-created users don't passorg_idmetadata so the existinghandle_new_usertrigger never fires for them. Without this bootstrap they'd land in the portal with no org and every RLS query would return empty. Now mints a fresh org named${name}'s Workspaceand links an admin profile (idempotent).Base branch is
feat/signup-page(PR #106). Merge that first.Required to actually work
/auth/v1/callback. Supabase shows the exact URL when you toggle the provider on.Verify on preview
After PR #106 merges and Google is enabled in Supabase Auth:
<preview>/loginwhile signed out, click Continue with Google/with a new org auto-created<preview>/signupwhile signed out, confirm the Sign up with Google button works the same wayCo-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com