From 9933c3678e8f1739016014ff6530442bbf8eb6b8 Mon Sep 17 00:00:00 2001
From: le king fu <lekingfu@protonmail.com>
Date: Wed, 8 Apr 2026 13:28:08 -0400
Subject: [PATCH] fix: pass full URL to handleSignIn for callback URI matching

The Logto SDK needs the full callback URL (not just searchParams) to
verify it matches the redirect URI registered during sign-in.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 web/src/app/api/logto/callback/route.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/web/src/app/api/logto/callback/route.ts b/web/src/app/api/logto/callback/route.ts
index 6ffbd82..8449d1c 100644
--- a/web/src/app/api/logto/callback/route.ts
+++ b/web/src/app/api/logto/callback/route.ts
@@ -6,7 +6,10 @@ import { type NextRequest } from 'next/server';
 export const dynamic = 'force-dynamic';
 
 export async function GET(request: NextRequest) {
-  const searchParams = request.nextUrl.searchParams;
-  await handleSignIn(logtoConfig, searchParams);
+  const callbackUrl = new URL(
+    `/api/logto/callback?${request.nextUrl.searchParams.toString()}`,
+    logtoConfig.baseUrl
+  );
+  await handleSignIn(logtoConfig, callbackUrl);
   redirect('/');
 }