Bug: Portal handler redirects with relative URL, causing crash in App Router

### Prerequisites

- [x] I have searched the repository’s issues and [Kinde community](https://thekindecommunity.slack.com/archives/C04K316BXEH) to ensure my issue isn’t a duplicate
- [x] I have checked the latest version of the library to replicate my issue
- [x] I have read the [contributing guidelines](https://github.com/kinde-oss/.github/blob/main/.github/CONTRIBUTING.md)
- [x] I agree to the terms within the [code of conduct](https://github.com/kinde-oss/.github/blob/main/.github/CODE_OF_CONDUCT.md)

### Describe the issue

### Description

When an unauthenticated request hits the `/auth/portal` route, the portal handler in `src/handlers/portal.ts` constructs a relative redirect URL:

```js
if (!accessToken)
  return e.redirect(`${config.apiPath}/${routes.login}`);
```

This produces a relative path like `/api/auth/login`, which is then passed to `AppRouterClient.redirect()`:

```js
redirect(r) {
  return NextResponse.redirect(r);
}
```

`NextResponse.redirect()` requires an absolute URL. This throws:

```
Error: URL is malformed "/api/auth/login". Please use only absolute URLs
```

The `protect` handler correctly prepends `KINDE_SITE_URL` when building the redirect:

```js
const u = new URL(`${process.env.KINDE_SITE_URL}/api/auth/${routes.login}?${params}`);
```

The portal handler should do the same.

### Steps to reproduce

1. Configure `handleAuth()` with App Router at a custom API path (e.g. `/api/auth/[kindeAuth]`)
2. Send an unauthenticated request to `/api/auth/portal` (e.g. `curl -I https://your-app.com/api/auth/portal`)
3. The handler crashes with `Error: URL is malformed`

### Expected behaviour

The portal handler should redirect to an absolute URL (e.g. `https://your-app.com/api/auth/login`) or return a 401 if no token is presented, not crash with a 500.

### Suggested fix

In `src/handlers/portal.ts`, change:

```js
return e.redirect(`${config.apiPath}/${routes.login}`);
```

to:

```js
return e.redirect(`${config.redirectURL}${config.apiPath}/${routes.login}`);
```

This matches how the `protect` handler already constructs its redirect URL.


### Library URL

https://github.com/kinde-oss/kinde-auth-nextjs/

### Library version

2.11.0

### Operating system(s)

macOS

### Operating system version(s)

26.5

### Further environment details

**Environment:**
- Next.js 15 (App Router, standalone output)
- Node.js 24.13.0
- Deployed on AWS ECS Fargate behind CloudFront


### Reproducible test case URL

_No response_

### Additional information

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bug: Portal handler redirects with relative URL, causing crash in App Router #523

Prerequisites

Describe the issue

Description

Steps to reproduce

Expected behaviour

Suggested fix

Library URL

Library version

Operating system(s)

Operating system version(s)

Further environment details

Reproducible test case URL

Additional information

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Bug: Portal handler redirects with relative URL, causing crash in App Router #523

Description

Prerequisites

Describe the issue

Description

Steps to reproduce

Expected behaviour

Suggested fix

Library URL

Library version

Operating system(s)

Operating system version(s)

Further environment details

Reproducible test case URL

Additional information

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions