fix: improve auth handling and logging

app/[lang]/(live)/(public)/login/route.ts

@@ -15,28 +15,46 @@ export async function GET(
   let redirectTo: string
 
   const returnUrl = request.headers.get("x-returnurl")
-  const isMFA = request.headers.get("x-mfa-login")
-
-  // This is to support seamless login when using magic link login
-  const isMagicLinkUpdateLogin = !!request.headers.get("x-magic-link")
+  const isSeamless = request.headers.get("x-login-source") === "seamless"
+  const isMFA = request.headers.get("x-login-source") === "mfa"
+  const isSeamlessMagicLink =
+    request.headers.get("x-login-source") === "seamless-magiclink"
 
   if (!env.PUBLIC_URL) {
     throw internalServerError("No value for env.PUBLIC_URL")
   }
 
-  if (returnUrl) {
-    // Seamless login request from Current web
-    redirectTo = returnUrl
+  console.log(
+    `[login] source: ${request.headers.get("x-login-source") || "normal"}`
+  )
+
+  const redirectToCookieValue = request.cookies.get("redirectTo")?.value // Cookie gets set by authRequired middleware
+  const redirectToSearchParamValue =
+    request.nextUrl.searchParams.get("redirectTo")
+  const redirectToFallback = "/"
+  console.log(`[login] redirectTo cookie value: ${redirectToCookieValue}`)
+  console.log(
+    `[login] redirectTo search param value: ${redirectToSearchParamValue}`
+  )
+
+  if (isSeamless) {
+    if (returnUrl) {
+      redirectTo = returnUrl
+    } else {
+      console.log(
+        `[login] missing returnUrl, using fallback: ${redirectToFallback}`
+      )
+      redirectTo = redirectToFallback
+    }
   } else {
-    // Normal login request from New web
     redirectTo =
-      request.cookies.get("redirectTo")?.value || // Cookie gets set by authRequired middleware
-      request.nextUrl.searchParams.get("redirectTo") ||
-      "/"
+      redirectToCookieValue || redirectToSearchParamValue || redirectToFallback
 
     // Make relative URL to absolute URL
     if (redirectTo.startsWith("/")) {
+      console.log(`[login] make redirectTo absolute, from ${redirectTo}`)
       redirectTo = new URL(redirectTo, env.PUBLIC_URL).href
+      console.log(`[login] make redirectTo absolute, to ${redirectTo}`)
     }
 
     // Clean up cookie from authRequired middleware
@@ -70,7 +88,11 @@ export async function GET(
           break
       }
       const redirectUrl = new URL(redirectUrlValue)
+      console.log(`[login] creating redirect to seamless login: ${redirectUrl}`)
       redirectUrl.searchParams.set("returnurl", redirectTo)
+      console.log(
+        `[login] returnurl for seamless login: ${redirectUrl.searchParams.get("returnurl")}`
+      )
       redirectTo = redirectUrl.toString()
 
       /** Set cookie with redirect Url to appropriately redirect user when using magic link login */
@@ -94,10 +116,8 @@ export async function GET(
      * automatically redirecting to it inside of `signIn`.
      * https://github.com/nextauthjs/next-auth/blob/3c035ec/packages/next-auth/src/lib/actions.ts#L76
      */
-    console.log({ login_NEXTAUTH_URL: process.env.NEXTAUTH_URL })
+    console.log(`[login] final redirectUrl: ${redirectTo}`)
     console.log({ login_env: process.env })
-
-    console.log({ login_redirectTo: redirectTo })
     const params = {
       ui_locales: context.params.lang,
       scope: ["openid", "profile"].join(" "),
@@ -117,6 +137,7 @@ export async function GET(
       // This is new param set for differentiate between the Magic link login of New web and current web
       version: "2",
     }
+
     if (isMFA) {
       // Append profile_update scope for MFA
       params.scope = params.scope + " profile_udpate"
@@ -126,9 +147,10 @@ export async function GET(
        */
       params.acr_values =
         "urn:se:curity:authentication:otp-authenticator:OTP-Authenticator_web"
-    } else if (isMagicLinkUpdateLogin) {
+    } else if (isSeamlessMagicLink) {
       params.acr_values = "abc"
     }
+
     const redirectUrl = await signIn(
       "curity",
       {