fix: handle auth email callbacks explicitly

2026-05-31 15:38:38 +08:00
parent 08aafeffcb
commit 0e2f24288f
3 changed files with 87 additions and 18 deletions
@@ -22,32 +22,47 @@ function startCountdown() {

 onMounted(async () => {
  try {
+    const search = new URLSearchParams(window.location.search)
    const hash = window.location.hash.slice(1)
    const params = new URLSearchParams(hash)
+    const code = search.get('code')
    const accessToken = params.get('access_token')
    const refreshToken = params.get('refresh_token')
    const type = params.get('type')
-    const error = params.get('error')
+    const error = search.get('error') ?? params.get('error')

    if (error) {
      state.value = 'failed'
      return
    }

-    if (type === 'signup' && accessToken && refreshToken) {
+    if (code || (type === 'signup' && accessToken && refreshToken)) {
      const confirmClient = createClient(
        import.meta.env.VITE_SUPABASE_URL,
        import.meta.env.VITE_SUPABASE_PUBLISHABLE_KEY,
+        {
+          auth: {
+            detectSessionInUrl: false,
+          },
+        },
      )

-      const { error: setSessionError } = await confirmClient.auth.setSession({
-        access_token: accessToken,
-        refresh_token: refreshToken,
-      })
+      if (code) {
+        const { error: exchangeError } = await confirmClient.auth.exchangeCodeForSession(code)
+        if (exchangeError) {
+          state.value = 'failed'
+          return
+        }
+      } else {
+        const { error: setSessionError } = await confirmClient.auth.setSession({
+          access_token: accessToken!,
+          refresh_token: refreshToken!,
+        })

-      if (setSessionError) {
-        state.value = 'failed'
-        return
+        if (setSessionError) {
+          state.value = 'failed'
+          return
+        }
      }

      await confirmClient.auth.signOut()