ghostguild-org

jennie/ghostguild-org

Fork 0

Commit graph

Author	SHA1	Message	Date
Jennie Robinson Faber	3ad22a8b67	fix(auth): survive missing OIDC interaction cookie on magic-link click Some checks failed Test / vitest (push) Failing after 6m13s Details Test / visual (push) Has been skipped Details Test / playwright (push) Has been skipped Details Test / Notify on failure (push) Successful in 3s Details Clicking the wiki magic-link email was producing SessionNotFound: 'interaction session id cookie not found' from provider.interactionFinished, because that call requires the short-lived _interaction cookie to be present on the request. It isn't, when: - the user clicks the email on a different device or browser - the interaction cookie already expired - the user is in private/incognito browsing Those unhandled errors previously bounced to /coming-soon via the coming-soon middleware, stranding users on the pre-register page. Instead of relying on the interaction cookie at the magic-link step: 1. Verify the JWT, look up the member, set the auth-token cookie. 2. Redirect the user back to https://wiki.ghostguild.org. 3. Outline re-initiates OIDC, which creates a fresh interaction whose cookie IS present on the same request, and [uid].get.ts SSOs the user in via the auth-token cookie we just set. Also swap the createError throws for sendRedirect to /auth/oidc-error so token/member/status failures land on the styled error page rather than Nitro's default unhandled-error response.	2026-04-15 18:18:33 +01:00
Jennie Robinson Faber	8a529a8e7c	Add OIDC provider for Outline wiki SSO Add oidc-provider with MongoDB adapter so ghostguild.org can act as the identity provider for the self-hosted Outline wiki. Members authenticate via the existing magic-link flow, with automatic SSO when an active session exists. Includes interaction routes, well-known discovery endpoint, and login page.	2026-03-01 15:46:01 +00:00

Author

SHA1

Message

Date

Jennie Robinson Faber

3ad22a8b67

fix(auth): survive missing OIDC interaction cookie on magic-link click

Test / vitest (push) Failing after 6m13s

Details

Test / visual (push) Has been skipped

Details

Test / playwright (push) Has been skipped

Details

Test / Notify on failure (push) Successful in 3s

Details

Clicking the wiki magic-link email was producing SessionNotFound:
'interaction session id cookie not found' from
provider.interactionFinished, because that call requires the short-lived
_interaction cookie to be present on the request. It isn't, when:

- the user clicks the email on a different device or browser
- the interaction cookie already expired
- the user is in private/incognito browsing

Those unhandled errors previously bounced to /coming-soon via the
coming-soon middleware, stranding users on the pre-register page.

Instead of relying on the interaction cookie at the magic-link step:

1. Verify the JWT, look up the member, set the auth-token cookie.
2. Redirect the user back to https://wiki.ghostguild.org.
3. Outline re-initiates OIDC, which creates a fresh interaction whose
   cookie IS present on the same request, and [uid].get.ts SSOs the user
   in via the auth-token cookie we just set.

Also swap the createError throws for sendRedirect to /auth/oidc-error so
token/member/status failures land on the styled error page rather than
Nitro's default unhandled-error response.

2026-04-15 18:18:33 +01:00

Jennie Robinson Faber

8a529a8e7c

Add OIDC provider for Outline wiki SSO

Add oidc-provider with MongoDB adapter so ghostguild.org can act as
the identity provider for the self-hosted Outline wiki. Members
authenticate via the existing magic-link flow, with automatic SSO
when an active session exists. Includes interaction routes, well-known
discovery endpoint, and login page.

2026-03-01 15:46:01 +00:00

2 commits