fix: use absolute URL in portal handler unauthenticated redirect

[shafaladhikari]

Explain your changes

Fixes #523

The portal handler redirected unauthenticated requests using a relative path:

return routerClient.redirect(`${config.apiPath}/${routes.login}`);

NextResponse.redirect() requires an absolute URL, so this crashed with Error: URL is malformed "/api/auth/login" in App Router.

Fixed by prepending config.redirectURL (i.e. KINDE_SITE_URL) to produce an absolute URL, consistent with how callback.ts already constructs the same redirect:

return routerClient.redirect(
  new URL(`${config.redirectURL}${config.apiPath}/${routes.login}`).toString(),
);

Checklist

• I have read the "Pull requests" section in the contributing guidelines.
• I agree to the terms within the code of conduct.

🛟 If you need help, consider asking for advice over in the Kinde community.

[coderabbitai]

Warning

Review limit reached

@shafaladhikari, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 3 minutes and 7 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 39f1e8d5-92a8-4073-a4a9-c436b06f096f

📥 Commits

Reviewing files that changed from the base of the PR and between 3d77c51 and d26ba23.

📒 Files selected for processing (1)

• playground/src/components/test-auth.tsx

Walkthrough

This PR fixes a crash in the portal handler when an unauthenticated request is made with a relative redirect URL, and adds a new TestAuth playground component for verifying authentication and role data during development.

Changes

Auth handler and testing updates

Layer / File(s)	Summary
Portal handler absolute redirect URL src/handlers/portal.ts	Portal handler now constructs an absolute redirect URL by prepending config.redirectURL to the login path, fixing a crash when NextResponse.redirect() receives a relative path.
TestAuth playground component playground/src/components/test-auth.tsx	New client component that uses useKindeAuth to log roles to console when authenticated, providing a testing utility in the playground.

---

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	The PR includes a secondary commit adding a test-auth.tsx component that is unrelated to the linked issue #523 about fixing the portal handler redirect URL.	Remove the test-auth.tsx component addition or create a separate PR for it, as it is outside the scope of fixing issue #523.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately describes the main change: fixing the portal handler to use an absolute URL instead of a relative path in the unauthenticated redirect.
Description check	✅ Passed	The PR description is directly related to the changeset, explaining the bug fix with code examples, the root cause, and the solution applied.
Linked Issues check	✅ Passed	The PR addresses issue #523 by modifying src/handlers/portal.ts to prepend config.redirectURL to construct an absolute URL for the unauthenticated redirect, matching the expected behavior.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@playground/src/components/test-auth.tsx`:
- Around line 11-15: The useEffect calls printRoles but doesn't list it in
dependencies causing an exhaustive-deps violation; either move the printRoles
implementation inside the useEffect that depends on isAuthenticated (so only
isAuthenticated stays in the dependency array) or wrap the component-level
printRoles with useCallback and add printRoles to the dependency array; update
the useEffect signature to reference the corrected dependency setup (useEffect,
isAuthenticated, printRoles).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e9fe1701-d5a3-4513-9137-4bc3949d9143

📥 Commits

Reviewing files that changed from the base of the PR and between d2e1f94 and 3d77c51.

📒 Files selected for processing (2)

• playground/src/components/test-auth.tsx
• src/handlers/portal.ts