fix(login): only show Google button when client ID looks like a real Google OAuth ID
Deploy to route.crispygoat.com / deploy (push) Successful in 2m51s
Deploy to route.crispygoat.com / deploy (push) Successful in 2m51s
Previously, any non-empty AUTH_GOOGLE_ID + AUTH_GOOGLE_SECRET would trigger the Google button. That broke dev/CI setups where the env vars are placeholder strings (e.g. 'dummy-google-client-id') — the button would render and immediately 401 from Google with 'invalid_client'. Real Google OAuth client IDs always end in '.apps.googleusercontent.com'. Gate hasGoogle on that suffix so the login page falls back to the credentials form (or the 'not configured' message) when the values aren't real.
This commit is contained in:
+13
-1
@@ -32,7 +32,19 @@ export default async function LoginPage({
|
|||||||
// The Google provider is only added to the Auth.js config when these
|
// The Google provider is only added to the Auth.js config when these
|
||||||
// two env vars are set. Pass the flag down so the client can hide the
|
// two env vars are set. Pass the flag down so the client can hide the
|
||||||
// button (and surface a helpful message) when Google is unavailable.
|
// button (and surface a helpful message) when Google is unavailable.
|
||||||
const hasGoogle = !!(process.env.AUTH_GOOGLE_ID && process.env.AUTH_GOOGLE_SECRET);
|
//
|
||||||
|
// We also require the client ID to look like a real Google OAuth client
|
||||||
|
// ID (ends in `.apps.googleusercontent.com`). This guards against
|
||||||
|
// dev/CI environments where the env vars are set to placeholder strings
|
||||||
|
// like "dummy-google-client-id" — those would otherwise surface a
|
||||||
|
// Google button that immediately 401s on Google's end.
|
||||||
|
const googleId = process.env.AUTH_GOOGLE_ID ?? "";
|
||||||
|
const googleSecret = process.env.AUTH_GOOGLE_SECRET ?? "";
|
||||||
|
const hasGoogle = !!(
|
||||||
|
googleId &&
|
||||||
|
googleSecret &&
|
||||||
|
googleId.endsWith(".apps.googleusercontent.com")
|
||||||
|
);
|
||||||
const hasCredentials = isDevLoginEnabled();
|
const hasCredentials = isDevLoginEnabled();
|
||||||
const params = await searchParams;
|
const params = await searchParams;
|
||||||
const error =
|
const error =
|
||||||
|
|||||||
Reference in New Issue
Block a user