feat(auth): restore custom Ory Elements login/registration UI#419
Closed
huv1k wants to merge 10 commits into
Closed
feat(auth): restore custom Ory Elements login/registration UI#419huv1k wants to merge 10 commits into
huv1k wants to merge 10 commits into
Conversation
@ory/nextjs@1.0.0-rc.1's guessPotentiallyProxiedOrySdkUrl() returns https://$VERCEL_URL whenever VERCEL_ENV is set and not production, so on staging (VERCEL_ENV=preview) the login flow's base URL became the per-deployment generated URL (web-*.e2b-preview.dev) instead of the canonical e2b-staging.dev. This bounced legs 3-6 of the auth chain (/self-service redirect, flow restarts, form-action rewrites, post-login landing) off the visited origin. Every flow getter already passes the correct request-derived origin as knownProxiedUrl (getPublicUrl()), but the VERCEL_URL branch was checked first. This patch reorders guessPotentiallyProxiedOrySdkUrl to honor an explicit knownProxiedUrl before the Vercel env guesses, across all four compiled copies (app/pages x cjs/mjs). Temporary local patch via bun patch; an upstream change to prefer the request host will follow. Version-pinned to 1.0.0-rc.1.
## Summary - remove Supabase auth provider, callback, OTP, and email/password form flows from dashboard - make Auth.js/Ory the only dashboard auth path and always use bearer + X-Team-ID API headers - remove Supabase env/dependencies/contracts and update docs, tests, and generated OpenAPI contracts
Co-authored-by: dobrac <4323173+dobrac@users.noreply.github.com>
…ments-ui
Resolves conflicts from main's Supabase->Ory auth migration and proxy refactor:
- proxy: adopt main's restructured module (proxy/{runtime,handlers,classifier,
auth-routes}.ts; http/ removed). Re-applied the custom Elements UI Ory SDK
path forwarding (/self-service, /sessions/whoami, ...) into runDashboardProxy
in runtime.ts, gated by isOryCustomUiEnabled().
- src/proxy.ts: take main's thin re-export.
- flags.ts / .env.example: keep our Ory custom-UI flag + env docs.
- oauth-provider-buttons.tsx: accept main's deletion (old Supabase UI; our login
UI uses its own custom-sso-button).
- tests/integration/proxy.test.ts: accept main's deletion (Supabase-coupled;
superseded by main's proxy unit tests).
- src/ui/text-separator.tsx: restored (consumed by the custom login divider;
main only dropped it with the old auth forms).
- bun.lock: regenerated.
@ory/nextjs request-host patch and custom Ory Elements login/registration UI
preserved.
The merge's bun.lock was regenerated from a conflicted lockfile, bumping every caret range to latest — zod went 4.1.12 -> 4.4.3, whose stricter .refine() callback inference broke the build (sandbox.ts: 'startMs' implicitly any). Reset the lockfile to main's resolved versions and reconciled only for the @ory/nextjs patch, so zod (and knip, @team-plain, etc.) snap back to the versions main builds against.
Replace the NEXT_PUBLIC_ORY_CUSTOM_UI env guard with the PostHog `ory-custom-ui` feature flag so the custom @ory/elements-react login/registration UI can be rolled out per environment without a redeploy. - Add posthog-node and a PostHog FeatureFlagProvider plugged into the existing flag-service abstraction (postHogFeatureFlags). Evaluates server-side with the deploy `environment` (VERCEL_ENV ?? NODE_ENV) sent as a person property, so the flag targets preview/staging + local dev (on) and production (off), and resolves consistently for anonymous pre-auth visitors. Feature-flag events are disabled on the hot path; any error/misconfig falls back to the flag default. - Move isOryCustomUiEnabled() to a server-only async helper; await it in the middleware (gated behind the Ory SDK path check) and the login/registration pages. Mark those pages force-dynamic so the flag is evaluated per request. - Make FeatureFlagContextInput.userId optional; LaunchDarkly context now emits an anonymous context when absent (userId-present path unchanged). - Drop NEXT_PUBLIC_ORY_CUSTOM_UI from env.ts and .env.example. - Add unit coverage for the PostHog provider. posthog-node resolves to its edge build, so the flag evaluates in the Edge middleware (verified by next build).
GitHub was dropped from the Ory SSO provider map, so GitHub OAuth buttons rendered without the branded label/logo. Re-add GitHub to PROVIDERS and resolveProvider with a theme-aware GitHubLogo (light/dark variants), mirroring the Google entry.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Restores the custom Ory Elements login/registration UI originally landed in #380 and reverted in #399.
What this brings back
src/app/login/**,src/app/registration/**)src/configs/ory.ts,src/proxy.ts)Beyond the original #380
Two follow-up commits made after the original PR are included:
16c3e0b9— gate the custom Ory UI behindNEXT_PUBLIC_ORY_CUSTOM_UI4c702d54— forward Ory SDK paths to Kratos before the auth-session bypassStaging/preview redirect fix (separate commit)
c9475746— patch@ory/nextjsto honor the request host on Vercel preview.@ory/nextjs@1.0.0-rc.1'sguessPotentiallyProxiedOrySdkUrl()returnshttps://$VERCEL_URLwheneverVERCEL_ENVis set and the env is not production, so on staging (VERCEL_ENV=preview) the login flow's base URL became the per-deployment generated URL (web-*.e2b-preview.dev) instead of the canonicale2b-staging.dev. That bounced legs 3–6 of the auth chain (/self-serviceredirect, flow restarts, form-action rewrites, post-login landing) off the visited origin.The flow getters already pass the correct request-derived origin as
knownProxiedUrl(getPublicUrl()), but theVERCEL_URLbranch was checked first. The patch reordersguessPotentiallyProxiedOrySdkUrlto honor an explicitknownProxiedUrlbefore the Vercel env guesses, across all four compiled copies (app/pages × cjs/mjs).Applied as a temporary local patch via
bun patch(version-pinned to1.0.0-rc.1); an upstream change to make the library prefer the request host will follow.Notes
main;bun.lockregenerated (only lockfile conflict on merge).tests/integration/proxy.test.tspassing locally (11/11).