Login Fixes

[michaelcanova]

Issue

One large issue we noticed, was that if a user tried to log in using Google's SSO when they already have a base email/password account, it would fail and lead to a blank page. A blank page can be confusing to the user, so the solution would be to redirect them to our individual login page. We ran into registration issues in the past as well with this fix, which is now resolved after thorough testing.

Before

After

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
web	Ready	Preview	Comment	Oct 23, 2025 8:14pm

[syqs]

Overall good improvement just nitpicking around consistency.

// Debug flag tho, feels like an oversight that should be remedied before going to prod
const DEBUG_AUTH = true;

[syqs]

Good refactor 🦾

[michaelcanova]

❤️

[syqs]

Should standardize error handling and use consistent error classes (:144-150)
Good usage example in auth.service.ts and services/publication.service.ts (Lines 52-54, 69-76):

// Should be something like this:
const errorType = error instanceof Error ? error.message : 'AuthenticationFailed';
console.error('[Auth] Google OAuth error', {
error: errorType,
errorType: error instanceof Error ? error.constructor.name : typeof error,
stack: error instanceof Error ? error.stack : undefined,
timestamp: new Date().toISOString(),
});
throw new NextAuthError(errorType, 'OAUTH_ERROR');

// add this to the top after imports
export class NextAuthError extends Error {
constructor(
message: string,
public readonly code: string
) {
super(message);
this.name = 'NextAuthError';
}
}

[michaelcanova]

Good catch! I agree!

[syqs]

This could perhaps be refactored for slightly better readability and consistency:

const errorValues = Object.values(data as Record<string, string[]>)?.[0];
const errorMsg = Array.isArray(errorValues)
? errorValues[0]
: typeof errorValues === 'string'
? errorValues
: 'Registration failed';

[michaelcanova]

Makes sense to me, ill update and test it now!

[syqs]

I see this change has been here a while but it feels like security risk so maybe we should change it to something like:

const DEBUG_AUTH = process.env.NODE_ENV === 'development';

[michaelcanova]

I'll defer to @yattias on whether this is something he wants changed currently.

[yattias]

We can remove it in another PR

[sonarqubecloud]

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[nicktytarenko]

i think we can simplify the logic a bit. i am not 100% sure but according to the nextjs doc it can be simplified a bit

[nicktytarenko]

do we need new props?

[nicktytarenko]

where are these errors specified?

[nicktytarenko]

I think we are doing wrong mapping here. because the error we are trying to handle is resulting with 400 error (When trying to register with an email that's already registered).

[nicktytarenko]

According to the NextAuth documentation, the signIn callback can return a URL string to redirect users directly. This would eliminate the current redirect chain and provide a cleaner user experience.

Current approach:

• Return false → NextAuth redirects to /auth/error
• Error page redirects to /auth/signin with error param
• Sign-in page processes error code and shows message

Proposed approach:

• Return URL directly: /auth/signin?errorMessage=Please use email and password to login to your account.
• Sign-in page reads errorMessage param and displays it
• Remove errorMessage param from URL after rendering to clean up the URL

Benefits:

• Eliminates unnecessary redirect chain
• Cleaner, more maintainable code
• Custom error messages without complex error code mapping