fix: remove proxy

src/app/auth/signin/page.tsx

@@ -49,12 +49,28 @@ function SignInForm() {
   }
 
   async function handleSocialSignIn() {
+    console.log("[SIGN IN PAGE] SSO button clicked");
+    console.log("[SIGN IN PAGE] authClient:", authClient);
+    console.log("[SIGN IN PAGE] authClient.signIn:", authClient.signIn);
+
     setLoading(true);
-    await authClient.signIn.sso({
-      providerId: "authentik",
-      callbackURL: callbackUrl,
-    });
-    setLoading(false);
+    try {
+      console.log("[SIGN IN PAGE] Calling authClient.signIn.sso with:", {
+        providerId: "authentik",
+        callbackURL: callbackUrl,
+      });
+
+      const result = await authClient.signIn.sso({
+        providerId: "authentik",
+        callbackURL: callbackUrl,
+      });
+
+      console.log("[SIGN IN PAGE] SSO result:", result);
+    } catch (error) {
+      console.error("[SIGN IN PAGE] SSO error:", error);
+    } finally {
+      setLoading(false);
+    }
   }
 
   return (

src/lib/auth-client.ts

@@ -6,64 +6,10 @@ import { ssoClient } from "@better-auth/sso/client";
 /**
  * Auth client for better-auth with SSO support.
  * 
- * Uses a Proxy pattern to ensure the client is only created in the browser.
- * This prevents SSR/build-time errors while maintaining full type safety.
+ * Better-auth handles SSR internally, so we can just create the client directly.
  */
 
-// Create a typed client reference for type inference
-const _createClient = () => createAuthClient({
+export const authClient = createAuthClient({
     baseURL: process.env.NEXT_PUBLIC_APP_URL,
     plugins: [ssoClient()],
 });
-
-// Type for the full client including plugins
-type AuthClientType = ReturnType<typeof _createClient>;
-
-// Lazy initialization - only create the client when first accessed
-let _client: AuthClientType | undefined;
-
-function getClient(): AuthClientType {
-    if (typeof window === "undefined") {
-        // During SSR, return a safe mock that won't crash
-        // The actual client will only be used in the browser
-        // @ts-ignore - SSR mock doesn't need full client implementation
-        return {
-            // @ts-ignore
-            useSession: () => ({ data: null, isPending: false, error: null }),
-            // @ts-ignore
-            signIn: { email: async () => { }, social: async () => { }, sso: async () => { } },
-            // @ts-ignore
-            signOut: async () => { },
-            // @ts-ignore
-            signUp: { email: async () => { } },
-        };
-    }
-
-    if (!_client) {
-        _client = createAuthClient({
-            baseURL: process.env.NEXT_PUBLIC_APP_URL,
-            plugins: [ssoClient()],
-        });
-    }
-
-    return _client;
-}
-
-// Export a Proxy that lazy-loads the client
-export const authClient = new Proxy({} as AuthClientType, {
-    get(_target, prop) {
-        // Always ensure we're in the browser before accessing the client
-        if (typeof window === "undefined") {
-            // During SSR, return safe defaults for common properties
-            if (prop === "useSession") {
-                return () => ({ data: null, isPending: false, error: null });
-            }
-            return undefined;
-        }
-
-        // In the browser, get the real client
-        const client = getClient();
-        const value = client[prop as keyof AuthClientType];
-        return typeof value === "function" ? value.bind(client) : value;
-    },
-});