From 275f0c962757749855b9db4b44eaaa08cbc6272d Mon Sep 17 00:00:00 2001 From: Ryan Salazar Date: Sat, 9 May 2026 03:12:50 +0000 Subject: [PATCH] client-login: hydrate Supabase session from API response before redirect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The wp-login API sets the auth cookie via NextResponse, but a client-side router.push() doesn't always pick up the new cookie before the destination page's AuthContext snapshots auth state — leading to a brief 'logged out' flash on /contributor right after a successful login. Fix: after a successful POST to /api/auth/wp-login, call supabase.auth.setSession({ access_token, refresh_token }) using the session payload returned by the API. That hydrates the Supabase browser client (and therefore AuthContext) immediately, so the next render is authenticated. router.refresh() is also called to invalidate the Next.js Router Cache for any stale RSC payloads. Also adds console.error on both the !res.ok branch and the catch block so login failures are inspectable in DevTools. --- src/app/client-login/page.tsx | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/app/client-login/page.tsx b/src/app/client-login/page.tsx index 76acfa1..d309f9e 100644 --- a/src/app/client-login/page.tsx +++ b/src/app/client-login/page.tsx @@ -2,6 +2,7 @@ import { useState } from 'react'; import { useRouter } from 'next/navigation'; +import { createClient } from '@/lib/supabase/client'; export default function ClientLoginPage() { const [email, setEmail] = useState(''); @@ -9,6 +10,7 @@ export default function ClientLoginPage() { const [error, setError] = useState(''); const [loading, setLoading] = useState(false); const router = useRouter(); + const supabase = createClient(); const handleLogin = async (e: React.FormEvent) => { e.preventDefault(); @@ -27,13 +29,27 @@ export default function ClientLoginPage() { if (!res.ok) { setError(data.error || 'Login failed'); + console.error('Login error:', data); return; } - // Redirect to contributor dashboard + // Hydrate Supabase client with the session from the API response so + // AuthContext picks it up immediately and the next render of + // /contributor sees an authenticated user (no flash of logged-out + // state, no race against cookie propagation). + if (data.session?.access_token && data.session?.refresh_token) { + await supabase.auth.setSession({ + access_token: data.session.access_token, + refresh_token: data.session.refresh_token, + }); + } + + // Redirect to contributor dashboard (fresh session in AuthContext) router.push('/contributor'); + router.refresh(); } catch (err: any) { setError(err.message || 'An error occurred'); + console.error('Login exception:', err); } finally { setLoading(false); }