From 292015fead2e1f7635deb099e8483f17974af19c Mon Sep 17 00:00:00 2001
From: "Builder.io"
Date: Sun, 9 Nov 2025 08:15:19 +0000
Subject: [PATCH] Add cookie headers to OAuth callback response

cgen-7c7ef9e9f3cf4111a3cf1a1216bb52d2
---
 api/discord/oauth/callback.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/discord/oauth/callback.ts b/api/discord/oauth/callback.ts
index 6d4cf722..f9dafd34 100644
--- a/api/discord/oauth/callback.ts
+++ b/api/discord/oauth/callback.ts
@@ -172,8 +172,13 @@ export default async function handler(req: any, res: any) {
 return res.status(500).json({ message: "Failed to create session" });
 }
 
- // Return session data to frontend
+ // Set session cookies
+ const accessTokenCookie = `sb-access-token=${sessionData.session.access_token}; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600`;
+ const refreshTokenCookie = `sb-refresh-token=${sessionData.session.refresh_token}; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=604800`;
+
+ res.setHeader("Set-Cookie", [accessTokenCookie, refreshTokenCookie]);
 res.setHeader("Content-Type", "application/json");
+
 return res.status(200).json({
 success: true,
 message: isNewUser ? "Account created successfully" : "Linked successfully",
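Review bot: The `HttpOnly` cookies added here only keep the tokens away from page script if the JSON body returned just below no longer carries them; the `res.status(200).json({` call continues outside the hunk and the removed comment read "Return session data to frontend", so the rest of that object should be checked for `access_token` / `refresh_token` fields. Both cookie strings also interpolate the token straight into the header value, so a token containing `;`, a comma or whitespace would be truncated or read as extra cookie attributes; `sb-access-token=${encodeURIComponent(sessionData.session.access_token)}` (and the same for the refresh token) leaves a JWT-shaped value unchanged and removes that dependency on the token format. `Max-Age=3600` and `Max-Age=604800` are hard-coded rather than derived from the session's own expiry, so a comment such as `// Max-Age values must track the token lifetimes configured at the auth provider` would at least record the coupling. Because this response now carries credentials in `Set-Cookie`, it is also worth confirming that the handler sends `Cache-Control: no-store`, which is not visible in this hunk.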