Fix OAuth login by syncing auth state to cookie
All checks were successful
Deploy / deploy (push) Successful in 1m37s
All checks were successful
Deploy / deploy (push) Successful in 1m37s
Root cause: PocketBase SDK stores auth in localStorage, but Next.js middleware checks for pb_auth cookie. The cookie was never being set after successful OAuth login. Fix: Add pb.authStore.onChange() listener that syncs auth state to cookie on any change (login, logout, token refresh). This is the idiomatic PocketBase pattern for Next.js SSR apps. Also updates authentication spec to reflect that the cookie is non-HttpOnly by design (client SDK needs read/write access). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -41,8 +41,10 @@ POCKETBASE_OIDC_ISSUER_URL=https://id.yourdomain.com
|
||||
|
||||
### Session Management
|
||||
|
||||
- PocketBase manages session tokens automatically
|
||||
- Auth state persisted in browser (cookie/localStorage)
|
||||
- PocketBase SDK stores auth in localStorage by default
|
||||
- `pb.authStore.onChange()` listener syncs auth state to `pb_auth` cookie
|
||||
- Cookie enables Next.js middleware to check auth server-side
|
||||
- Cookie is non-HttpOnly (PocketBase SDK requires client-side access)
|
||||
- Session expires after 14 days of inactivity
|
||||
|
||||
## Pages
|
||||
@@ -159,7 +161,7 @@ User profile management:
|
||||
- [ ] GET `/api/user` returns current user data
|
||||
- [ ] PATCH `/api/user` updates user record
|
||||
- [ ] Logout clears session completely
|
||||
- [ ] Auth cookie is HttpOnly and Secure
|
||||
- [ ] Auth cookie syncs via onChange listener (non-HttpOnly per PocketBase design)
|
||||
|
||||
## Future Enhancements
|
||||
|
||||
|
||||
Reference in New Issue
Block a user