From 3983724866b18e87276583cdca81a0ec665fd5be Mon Sep 17 00:00:00 2001 From: Sean O'Connor Date: Sun, 10 May 2026 02:24:46 -0400 Subject: [PATCH] fix: restore authentik trusted origin and remove auth card U-border shadow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Auto-derive trusted origin from AUTHENTIK_ISSUER URL so OAuth callbacks are accepted without requiring a separate AUTHENTIK_ORIGIN env var - Remove leftover ssoProvider schema mapping (no longer used with genericOAuth) - Remove dead @better-auth/sso dependency from package.json - Drop md:shadow-2xl/md:shadow-lg from auth cards — the downward box-shadow was rendering as a U-shaped border (bottom+sides, no top); border + backdrop-blur-xl provides sufficient visual separation Co-Authored-By: Claude Sonnet 4.6 --- package.json | 1 - src/app/auth/register/page.tsx | 2 +- src/app/auth/signin/signin-form.tsx | 2 +- src/lib/auth.ts | 9 ++++++++- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 7844dcf..a5df397 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,6 @@ "typecheck": "tsc --noEmit" }, "dependencies": { - "@better-auth/sso": "^1.4.12", "@dnd-kit/core": "^6.3.1", "@dnd-kit/modifiers": "^9.0.0", "@dnd-kit/sortable": "^10.0.0", diff --git a/src/app/auth/register/page.tsx b/src/app/auth/register/page.tsx index 6cdf8ae..7923777 100644 --- a/src/app/auth/register/page.tsx +++ b/src/app/auth/register/page.tsx @@ -48,7 +48,7 @@ function RegisterForm() { return (
- + {/* Hero Section - Hidden on mobile */}
diff --git a/src/app/auth/signin/signin-form.tsx b/src/app/auth/signin/signin-form.tsx index 5279040..baf8788 100644 --- a/src/app/auth/signin/signin-form.tsx +++ b/src/app/auth/signin/signin-form.tsx @@ -77,7 +77,7 @@ export function SignInForm({ allowRegistration }: SignInFormProps) {
- + {/* Hero Section - Hidden on mobile */}
diff --git a/src/lib/auth.ts b/src/lib/auth.ts index 11a1ae5..5207f76 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -12,6 +12,13 @@ const authentikEnabled = Boolean( ); const signupsDisabled = process.env.DISABLE_SIGNUPS === "true"; +// Derive the authentik origin from the issuer URL so the OAuth callback is +// automatically trusted without needing a separate AUTHENTIK_ORIGIN env var. +const authentikOrigin = + authentikEnabled && process.env.AUTHENTIK_ISSUER + ? new URL(process.env.AUTHENTIK_ISSUER).origin + : null; + export const auth = betterAuth({ database: drizzleAdapter(db, { provider: "pg", @@ -20,11 +27,11 @@ export const auth = betterAuth({ session: schema.sessions, account: schema.accounts, verification: schema.verificationTokens, - ssoProvider: schema.ssoProviders, }, }), trustedOrigins: [ "https://beenvoice.soconnor.dev", + ...(authentikOrigin ? [authentikOrigin] : []), ...(process.env.AUTHENTIK_ORIGIN ? [process.env.AUTHENTIK_ORIGIN] : []), ], ...(authentikEnabled && {