Skip to content

Fix invite join flow: route via /auth/callback and returnTo after profile #319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mcull merged 1 commit into from
Sep 30, 2025
Merged

Fix invite join flow: route via /auth/callback and returnTo after profile #319

mcull merged 1 commit into from
Sep 30, 2025

Conversation

@mcull
Copy link
Owner

@mcull mcull commented Sep 29, 2025

Summary

Fixes the invite/member onboarding so invited guests who click "Join now" are routed through , which consumes invite cookies server-side, creates/reactivates membership, enforces profile completion, and then lands them back in the invited library as a member.

Root Cause

We were bypassing our logic by sending unauthenticated users to with a pointing directly to the library (e.g. ). As a result:

  • Invite cookies (, ) were never consumed server-side, so no membership was created.
  • Profile completion wasn’t enforced, so the user landed back in the library as a guest.

What Changed

  • Collection join redirect (unauthenticated):

    • now sends users to .
    • Guarantees runs and calls , which:
      • Validates invite cookies
      • Creates/reactivates
      • Marks invitation and clears cookies
      • Returns a redirect to
    • If the profile is incomplete, now redirects to .

  • Post-profile completion redirect:

    • now reads and navigates back to the originally intended destination after profile creation.
    • Falls back to if is missing or invalid.

Files Touched

    • On 401 from , redirect via: .
    • After successful profile creation, honor query param; otherwise go to .

Resulting Flow

  1. Guest opens invite link → sees library in guest mode.
  2. Clicks "Join now" → email auth → .
  3. consumes invite cookies via and creates membership.
  4. If profile incomplete → .
  5. After profile creation → redirect to , now as a member.

Safety / Risks

  • Changes are scoped to the auth/join flow and profile completion routing.
  • Existing members or owners are unaffected.
  • If cookies are missing/invalid, the legacy/normal flows still apply (they land in or ).

Manual Verification Steps

  • Open invite link in incognito → guest preview.
  • Click "Join now" → sign in with email code.

  • Observe server logs:

    • or
  • If profile incomplete → redirected to .
  • Complete profile → land at with member UI (no guest banner).

Additional Notes

  • Retains the fallback localStorage invite-token use in for robustness.
  • No DB schema changes.

Screenshots / Logs

N/A (server logs noted above).

@mcull
fix(invite): route unauthenticated join through /auth/callback and ho…
35f53ca 
…nor returnTo after profile completion\n\n- CollectionDetailClient: On 401 join, redirect to /auth/signin?callbackUrl=/auth/callback so invite cookies are consumed and membership is created\n- ProfileCreationHandler: Support returnTo param to send users back to the invited library after finishing profile\n- Outcome: invite->guest->join->auth now consistently converts to member and routes to profile then back to library
@vercel
Copy link

vercel bot commented Sep 29, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
stufflibrary Ready Ready Preview Comment Sep 29, 2025 11:25pm

@mcull mcull merged commit beb43f8 into main Sep 30, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mcull