From 90eea41dedfd2fa228fcb7e6a08c01d6ae7a449e Mon Sep 17 00:00:00 2001
From: MaheshtheDev <38828053+MaheshtheDev@users.noreply.github.com>
Date: Fri, 17 Oct 2025 04:29:32 +0000
Subject: fix: magic link auth for chrome extension (#492)

The issue is whenever a user is trying to log in with an email and a one-time code, the Chrome extension is not able to authenticate. The fix is to add a callback URL with a query parameter of `extension-auth-success` equal to `true`, which will allow the Chrome extension to identify and verify the auth whenever a user is trying to log in into the Chrome extension.
---
 packages/ui/pages/login.tsx | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'packages')

diff --git a/packages/ui/pages/login.tsx b/packages/ui/pages/login.tsx
index 2179f177..4d823d76 100644
--- a/packages/ui/pages/login.tsx
+++ b/packages/ui/pages/login.tsx
@@ -47,17 +47,20 @@ export function LoginPage({
 	// Create callback URL that includes redirect parameter if provided
 	const getCallbackURL = () => {
 		const origin = window.location.origin;
+		let finalUrl: URL;
+
 		if (redirectUrl) {
-			// Validate that the redirect URL is safe (same origin or allow external based on your security requirements)
 			try {
-				const url = new URL(redirectUrl, origin);
-				return url.toString();
+				finalUrl = new URL(redirectUrl, origin);
 			} catch {
-				// If redirect URL is invalid, fall back to origin
-				return origin;
+				finalUrl = new URL(origin);
 			}
+		} else {
+			finalUrl = new URL(origin);
 		}
-		return origin;
+
+		finalUrl.searchParams.set("extension-auth-success", "true");
+		return finalUrl.toString();
 	};
 
 	// Load last used method from localStorage on mount
-- 
cgit v1.2.3