Petru Paler
2ae6804cc4
All checks were successful
Deploy / deploy (push) Successful in 1m37s
Root cause: PocketBase SDK stores auth in localStorage, but Next.js middleware checks for pb_auth cookie. The cookie was never being set after successful OAuth login. Fix: Add pb.authStore.onChange() listener that syncs auth state to cookie on any change (login, logout, token refresh). This is the idiomatic PocketBase pattern for Next.js SSR apps. Also updates authentication spec to reflect that the cookie is non-HttpOnly by design (client SDK needs read/write access). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>