From e1ae88a7be0f5387ab8e302ddb14f1390e5da215 Mon Sep 17 00:00:00 2001
From: "Builder.io"
Date: Tue, 11 Nov 2025 08:59:47 +0000
Subject: [PATCH] completionId: cgen-67d0dd19c88f4f189507f0fb95cd9ec3 cgen-67d0dd19c88f4f189507f0fb95cd9ec3
---
 api/discord/oauth/callback.ts | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/api/discord/oauth/callback.ts b/api/discord/oauth/callback.ts
index 7f4ed687..17db42c7 100644
--- a/api/discord/oauth/callback.ts
+++ b/api/discord/oauth/callback.ts
@@ -282,22 +282,24 @@ export default async function handler(req: any, res: any) {
 await notifyAccountLinked(userId, "Discord");
 }
 
- // Generate session token
- const { data: sessionData, error: sessionError } =
- await supabase.auth.admin.createSession({
- user_id: userId,
+ // Generate a magic link to establish session
+ const { data: linkData, error: linkError } =
+ await supabase.auth.admin.generateLink({
+ type: "magiclink",
+ email: discordUser.email,
+ options: {
+ redirectTo: redirectTo,
+ },
 });
 
- if (sessionError || !sessionData.session) {
- console.error("[Discord OAuth] Session creation failed:", sessionError);
+ if (linkError || !linkData?.properties?.magic_link) {
+ console.error("[Discord OAuth] Magic link generation failed:", linkError);
 return res.redirect("/login?error=session_create");
 }
 
- // Set session cookies
- const accessTokenCookie = `sb-access-token=${sessionData.session.access_token}; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600`;
- const refreshTokenCookie = `sb-refresh-token=${sessionData.session.refresh_token}; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=604800`;
-
- res.setHeader("Set-Cookie", [accessTokenCookie, refreshTokenCookie]);
+ // Redirect to magic link to establish session
+ // The magic link contains the session token and will set cookies automatically
+ res.redirect(linkData.properties.magic_link);
 
 // Redirect to dashboard (we only log in existing users here)
 const nextPath = "/dashboard";
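Review bot: Keying the login on `email: discordUser.email` can sign in a different account than the `userId` this handler resolved earlier: if the Discord address is missing, unverified, or differs from the linked account's email, the magic link may authenticate (or, depending on Supabase behaviour, create) some other user. Nothing in the hunk checks Discord's `verified` flag or that the address belongs to `userId`; the link should be generated for the email stored on the `userId` account, or the handler should bail out when the two do not match. Separately, `res.redirect(linkData.properties.magic_link);` has no `return`, and the unchanged lines after it set up a dashboard redirect, so a second response is probably attempted; `return res.redirect(linkData.properties.magic_link);` would stop there. `redirectTo` is defined outside the hunk, so confirm it is a fixed, allow-listed URL rather than a request-derived value. The handler body starts and ends outside the hunk.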