Skip to content

feat(auth): custom Ory Elements login UI#413

Closed
huv1k wants to merge 16 commits into
mainfrom
huv1k/ory-custom-login-flows
Closed

feat(auth): custom Ory Elements login UI#413
huv1k wants to merge 16 commits into
mainfrom
huv1k/ory-custom-login-flows

Conversation

@huv1k

@huv1k huv1k commented Jun 15, 2026

Copy link
Copy Markdown
Member

Restores the custom Ory Elements login/registration UI originally landed in #380 and reverted in #399.

What this brings back

  • Custom Ory Elements login & registration pages (src/app/login/**, src/app/registration/**)
  • SSO provider buttons with inline GitHub / Google logos and an "or" divider
  • Ory proxy/config wiring (src/configs/ory.ts, src/proxy.ts)

Beyond the original #380

Two follow-up commits made after the original PR are included:

  • 16c3e0b9 — gate the custom Ory UI behind NEXT_PUBLIC_ORY_CUSTOM_UI
  • 4c702d54 — forward Ory SDK paths to Kratos before the auth-session bypass

Notes

  • Updated to current main; bun.lock regenerated (only lockfile conflict on merge).
  • Opened as draft for re-review before re-landing.
  • tests/integration/proxy.test.ts passing locally (11/11).

huv1k and others added 15 commits June 10, 2026 14:23
Replace the stock Kratos self-service UI for the login flow with a custom
@ory/elements-react page at /login, styled with the dashboard's own design
system (no Ory default theme CSS).

- add @ory/elements-react + @ory/nextjs deps
- src/configs/ory.ts: OryClientConfiguration (login-only scope)
- src/app/login: server page (getLoginFlow + per-request sdk.url = own origin),
  client <Login> wrapper, layout, and component overrides for card/header/
  input/button/label/sso/form-group/message
- src/proxy.ts: wire @ory/nextjs createOryMiddleware so /self-service etc.
  proxy to Kratos same-origin (first-party cookies, no CORS)
- env: NEXT_PUBLIC_ORY_SDK_URL (browser-facing Kratos public URL)
- Add svgl Google/GitHub logos via shadcn registry (@svgl)
- Show provider logo + 'Continue with …' on Ory SSO buttons
- GitHub logo toggles light/dark variants via Tailwind dark: variant
- Replace bare login divider with an 'or' separator
- Resolve provider via node.attributes.value (stable id) so the logo +
  'Continue with …' label render (the provider prop is a display label)
- Remove logos/index.ts barrel in favor of direct imports
- Add /register route (page, layout, card) mirroring /login, using
  @ory/elements-react <Registration> + getRegistrationFlow
- Make shared card header/footer/submit-button flow-aware (Sign in vs
  Sign up; registration footer shows sign-in link + legal copy)
- Enable registration in ory config, point registration_ui_url at /register
- Add 'Don't have an account? Sign up' footer to the login card (-> /register)
- Move GitHubLogo into oauth-provider-buttons and drop the shared
  logos/github-logo.tsx; remove GitHub from the Ory SSO provider map
Rename /register route to /registration and update registration_ui_url
and the login footer 'Sign up' link to match.
…to Ory proxy

- Drop logos/google-logo.tsx wrapper; oauth-provider-buttons and the Ory
  SSO button now use the @svgl Google icon directly with sizing
- Pass oryConfig.project to createOryMiddleware so Kratos redirect/body
  URLs are rewritten onto our /login and /registration UIs
- Add isOryCustomUiEnabled() (Ory enabled && VERCEL_ENV !== production)
- Gate the proxy Ory-SDK short-circuit and the /login + /registration
  pages on it; production keeps Ory auth on but uses its existing flow
- Drop redundant component-label comments, keeping only core why-notes
proxy.ts now imports createOryMiddleware (@ory/nextjs/middleware), whose
ESM bare-imports 'next/server'; inline it like next-auth so vitest resolves
Next's exports. Fixes proxy.test.ts and auth-ory-entrypoints.test.ts.
Replace the VERCEL_ENV-based gate with an explicit NEXT_PUBLIC_ORY_CUSTOM_UI flag.
isOryCustomUiEnabled() is read in Edge middleware, where VERCEL_ENV/AUTH_PROVIDER
are inlined at build time and resolve to undefined in standalone/self-hosted
builds (anything but `next dev`) — silently disabling the same-origin Ory proxy.
A NEXT_PUBLIC_ flag is readable at request time everywhere and lets the local
harness opt in explicitly while production leaves it unset (keeping /sign-in).
…pass

/self-service/* classifies as public (needsOryAuthJsSession: false), so the
short-circuit ran too late and those requests fell through to Next, breaking
custom-UI flow creation and form submits. Move the gated Ory-SDK proxy branch
to the top of proxy(). Add a regression test covering both enabled/disabled.
@cla-bot cla-bot Bot added the cla-signed label Jun 15, 2026
@vercel

vercel Bot commented Jun 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
web Error Error Jun 15, 2026 12:25pm

Request Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant