From e41281ddc95f55e08362a6461921bc15d5888d97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adri=C3=A1n=20Jes=C3=BAs=20Pe=C3=B1a=20Rodr=C3=ADguez?= Date: Wed, 1 Jul 2026 14:31:51 +0200 Subject: [PATCH] fix(ui): avoid replaying social invitation callbacks - Redirect invited social auth users after backend invitation acceptance - Keep safe callback redirects for non-invitation social auth flows --- ui/app/api/auth/callback/github/route.ts | 3 ++- ui/app/api/auth/callback/google/route.ts | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ui/app/api/auth/callback/github/route.ts b/ui/app/api/auth/callback/github/route.ts index 7f97dbd973..2dd3aa0bce 100644 --- a/ui/app/api/auth/callback/github/route.ts +++ b/ui/app/api/auth/callback/github/route.ts @@ -46,7 +46,8 @@ export async function GET(req: Request) { const { access, refresh } = data.data.attributes; try { - const redirectPath = callbackPath; + // Invitation tokens are accepted during the social token exchange. + const redirectPath = invitationToken ? "/" : callbackPath; const result = await signIn("social-oauth", { accessToken: access, refreshToken: refresh, diff --git a/ui/app/api/auth/callback/google/route.ts b/ui/app/api/auth/callback/google/route.ts index 8bf4bf7159..022d2e9fe9 100644 --- a/ui/app/api/auth/callback/google/route.ts +++ b/ui/app/api/auth/callback/google/route.ts @@ -46,7 +46,8 @@ export async function GET(req: Request) { const { access, refresh } = data.data.attributes; try { - const redirectPath = callbackPath; + // Invitation tokens are accepted during the social token exchange. + const redirectPath = invitationToken ? "/" : callbackPath; const result = await signIn("social-oauth", { accessToken: access, refreshToken: refresh,