fix(shared-auth): set SSO session cookie on login

The signIn() method only called the custom /api/v1/auth/login endpoint which returns JWT tokens but doesn't set a session cookie. Without the cookie, cross-subdomain SSO (trySSO) can never find an active session. Now also calls Better Auth's native /api/auth/sign-in/email with credentials:'include' after successful login, which sets the session cookie with Domain=.mana.how for cross-subdomain SSO. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-14 21:41:09 +02:00 · 2026-03-20 19:27:33 +01:00 · 2026-03-20 19:27:33 +01:00 · 720602343e
commit 720602343e
parent 5c9e16f634
1 changed files with 13 additions and 0 deletions
--- a/packages/shared-auth/src/core/authService.ts
+++ b/packages/shared-auth/src/core/authService.ts
@ -95,6 +95,19 @@ export function createAuthService(config: AuthServiceConfig) {
 					storage.setItem(storageKeys.USER_EMAIL, email),
 				]);

+				// Also sign in via Better Auth native endpoint to set session cookie
+				// This enables cross-subdomain SSO (cookie shared across *.mana.how)
+				try {
+					await fetch(`${baseUrl}/api/auth/sign-in/email`, {
+						method: 'POST',
+						credentials: 'include',
+						headers: { 'Content-Type': 'application/json' },
+						body: JSON.stringify({ email, password }),
+					});
+				} catch {
+					// SSO cookie is nice-to-have, don't fail login if this fails
+				}
+
 				return { success: true };
 			} catch (error) {
 				console.error('Error signing in:', error);