feat(auth): restore custom Ory Elements login/registration UI #419

Closed
huv1k wants to merge 10 commits into huv1k/ory-custom-login-flows from huv1k/restore-ory-elements-ui

@huv1k huv1k commented Jun 16, 2026

Member

Restores the custom Ory Elements login/registration UI originally landed in #380 and reverted in #399.

What this brings back

  • Custom Ory Elements login & registration pages (src/app/login/**, src/app/registration/**)
  • SSO provider buttons with inline GitHub / Google logos and an "or" divider
  • Ory proxy/config wiring (src/configs/ory.ts, src/proxy.ts)

Beyond the original #380

Two follow-up commits made after the original PR are included:

  • 16c3e0b9 — gate the custom Ory UI behind NEXT_PUBLIC_ORY_CUSTOM_UI
  • 4c702d54 — forward Ory SDK paths to Kratos before the auth-session bypass

Staging/preview redirect fix (separate commit)

  • c9475746 — patch @ory/nextjs to honor the request host on Vercel preview.

    @ory/nextjs@1.0.0-rc.1's guessPotentiallyProxiedOrySdkUrl() returns https://$VERCEL_URL whenever VERCEL_ENV is set and the env is not production, so on staging (VERCEL_ENV=preview) the login flow's base URL became the per-deployment generated URL (web-*.e2b-preview.dev) instead of the canonical e2b-staging.dev. That bounced legs 3–6 of the auth chain (/self-service redirect, flow restarts, form-action rewrites, post-login landing) off the visited origin.

    The flow getters already pass the correct request-derived origin as knownProxiedUrl (getPublicUrl()), but the VERCEL_URL branch was checked first. The patch reorders guessPotentiallyProxiedOrySdkUrl to honor an explicit knownProxiedUrl before the Vercel env guesses, across all four compiled copies (app/pages × cjs/mjs).

    Applied as a temporary local patch via bun patch (version-pinned to 1.0.0-rc.1); an upstream change to make the library prefer the request host will follow.

Notes

  • Updated to current main; bun.lock regenerated (only lockfile conflict on merge).
  • Opened as draft for re-review before re-landing.
  • tests/integration/proxy.test.ts passing locally (11/11).
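
An added example (not code from this PR or from @ory/nextjs): a simplified JavaScript model of the resolution order the description above attributes to guessPotentiallyProxiedOrySdkUrl, before and after the reorder, with a check that lists which auth-flow URLs leave the visited origin. The function names, the `env` object, the `web-abc123` host, the leg paths and the fallback behaviour outside the Vercel branch are assumptions made for illustration.

```javascript
// Simplified model of the precedence described above; NOT the @ory/nextjs source.
// `env` stands in for process.env. Hostnames and paths below are constructed samples.

// Before the patch: the Vercel env guess is checked first, so an explicit
// knownProxiedUrl is ignored on any non-production Vercel deployment.
function resolveBeforePatch(env, knownProxiedUrl) {
  if (env.VERCEL_ENV && env.VERCEL_ENV !== "production" && env.VERCEL_URL) {
    return `https://${env.VERCEL_URL}`;
  }
  // Assumed fallback for this model only.
  return knownProxiedUrl ? new URL(knownProxiedUrl).origin : "";
}

// After the patch: an explicit knownProxiedUrl wins over the env guesses.
function resolveAfterPatch(env, knownProxiedUrl) {
  if (knownProxiedUrl) return new URL(knownProxiedUrl).origin;
  return resolveBeforePatch(env, undefined);
}

// Build the URLs a flow would emit from `baseUrl` and return the ones that
// leave the origin the user actually visited.
function offOriginLegs(visitedOrigin, baseUrl, legPaths) {
  const visited = new URL(visitedOrigin).origin;
  return legPaths
    .map((path) => new URL(path, baseUrl))
    .filter((url) => url.origin !== visited)
    .map((url) => url.href);
}

// Constructed staging scenario matching the description's shape.
const stagingEnv = { VERCEL_ENV: "preview", VERCEL_URL: "web-abc123.e2b-preview.dev" };
const visitedOrigin = "https://e2b-staging.dev";
const legPaths = ["/self-service/login/browser", "/login?flow=sample-flow-id", "/dashboard"];

function demo() {
  const before = resolveBeforePatch(stagingEnv, visitedOrigin);
  const after = resolveAfterPatch(stagingEnv, visitedOrigin);
  return {
    before,
    after,
    beforeOffOrigin: offOriginLegs(visitedOrigin, before, legPaths),
    afterOffOrigin: offOriginLegs(visitedOrigin, after, legPaths),
  };
}

console.log(demo());
```

A check like `offOriginLegs` can run in an integration test against the real flow responses, so a regression in base-URL resolution is caught as an origin change instead of a broken login on staging.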

huv1k and others added 10 commits June 15, 2026 15:02

@ory/nextjs@1.0.0-rc.1's guessPotentiallyProxiedOrySdkUrl() returns
https://$VERCEL_URL whenever VERCEL_ENV is set and not production, so on
staging (VERCEL_ENV=preview) the login flow's base URL became the
per-deployment generated URL (web-*.e2b-preview.dev) instead of the
canonical e2b-staging.dev. This bounced legs 3-6 of the auth chain
(/self-service redirect, flow restarts, form-action rewrites, post-login
landing) off the visited origin.

Every flow getter already passes the correct request-derived origin as
knownProxiedUrl (getPublicUrl()), but the VERCEL_URL branch was checked
first. This patch reorders guessPotentiallyProxiedOrySdkUrl to honor an
explicit knownProxiedUrl before the Vercel env guesses, across all four
compiled copies (app/pages x cjs/mjs).

Temporary local patch via bun patch; an upstream change to prefer the
request host will follow. Version-pinned to 1.0.0-rc.1.

## Summary
- remove Supabase auth provider, callback, OTP, and email/password form
flows from dashboard
- make Auth.js/Ory the only dashboard auth path and always use bearer +
X-Team-ID API headers
- remove Supabase env/dependencies/contracts and update docs, tests, and
generated OpenAPI contracts
Co-authored-by: dobrac <4323173+dobrac@users.noreply.github.com>

…ments-ui

Resolves conflicts from main's Supabase->Ory auth migration and proxy refactor:
- proxy: adopt main's restructured module (proxy/{runtime,handlers,classifier,
  auth-routes}.ts; http/ removed). Re-applied the custom Elements UI Ory SDK
  path forwarding (/self-service, /sessions/whoami, ...) into runDashboardProxy
  in runtime.ts, gated by isOryCustomUiEnabled().
- src/proxy.ts: take main's thin re-export.
- flags.ts / .env.example: keep our Ory custom-UI flag + env docs.
- oauth-provider-buttons.tsx: accept main's deletion (old Supabase UI; our login
  UI uses its own custom-sso-button).
- tests/integration/proxy.test.ts: accept main's deletion (Supabase-coupled;
  superseded by main's proxy unit tests).
- src/ui/text-separator.tsx: restored (consumed by the custom login divider;
  main only dropped it with the old auth forms).
- bun.lock: regenerated.

@ory/nextjs request-host patch and custom Ory Elements login/registration UI
preserved.

The merge's bun.lock was regenerated from a conflicted lockfile, bumping
every caret range to latest — zod went 4.1.12 -> 4.4.3, whose stricter
.refine() callback inference broke the build (sandbox.ts: 'startMs'
implicitly any). Reset the lockfile to main's resolved versions and
reconciled only for the @ory/nextjs patch, so zod (and knip, @team-plain,
etc.) snap back to the versions main builds against.

Replace the NEXT_PUBLIC_ORY_CUSTOM_UI env guard with the PostHog
`ory-custom-ui` feature flag so the custom @ory/elements-react
login/registration UI can be rolled out per environment without a redeploy.

- Add posthog-node and a PostHog FeatureFlagProvider plugged into the existing
  flag-service abstraction (postHogFeatureFlags). Evaluates server-side with the
  deploy `environment` (VERCEL_ENV ?? NODE_ENV) sent as a person property, so
  the flag targets preview/staging + local dev (on) and production (off), and
  resolves consistently for anonymous pre-auth visitors. Feature-flag events are
  disabled on the hot path; any error/misconfig falls back to the flag default.
- Move isOryCustomUiEnabled() to a server-only async helper; await it in the
  middleware (gated behind the Ory SDK path check) and the login/registration
  pages. Mark those pages force-dynamic so the flag is evaluated per request.
- Make FeatureFlagContextInput.userId optional; LaunchDarkly context now emits an
  anonymous context when absent (userId-present path unchanged).
- Drop NEXT_PUBLIC_ORY_CUSTOM_UI from env.ts and .env.example.
- Add unit coverage for the PostHog provider.

posthog-node resolves to its edge build, so the flag evaluates in the Edge
middleware (verified by next build).

GitHub was dropped from the Ory SSO provider map, so GitHub OAuth buttons
rendered without the branded label/logo. Re-add GitHub to PROVIDERS and
resolveProvider with a theme-aware GitHubLogo (light/dark variants), mirroring
the Google entry.

@cla-bot cla-bot Bot added the cla-signed label Jun 16, 2026
vercel Bot commented Jun 16, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| web | Ready | Preview, Comment | Jun 16, 2026 10:25am |

@huv1k huv1k closed this Jun 16, 2026