From d64016d1e5824cd5f5c08ccb573fa4084dfde5a3 Mon Sep 17 00:00:00 2001
From: Till-JS <101404291+Till-JS@users.noreply.github.com>
Date: Mon, 2 Feb 2026 16:29:17 +0100
Subject: [PATCH] fix(mana-core-auth): exclude /api/auth/get-session from
 global prefix

The get-session endpoint needs to be accessible at /api/auth/get-session
(without the /api/v1 prefix) for SSO to work.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 services/mana-core-auth/src/main.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/mana-core-auth/src/main.ts b/services/mana-core-auth/src/main.ts
index 8a27731fb..e17eeb1eb 100644
--- a/services/mana-core-auth/src/main.ts
+++ b/services/mana-core-auth/src/main.ts
@@ -109,7 +109,8 @@ async function bootstrap() {
 			{ path: 'health', method: RequestMethod.ALL },
 			// OIDC login page
 			{ path: 'login', method: RequestMethod.ALL },
-			// Better Auth routes (verification emails, password reset, sign-in)
+			// Better Auth routes (verification emails, password reset, sign-in, SSO)
+			{ path: 'api/auth/get-session', method: RequestMethod.ALL },
 			{ path: 'api/auth/verify-email', method: RequestMethod.ALL },
 			{ path: 'api/auth/reset-password/(.*)', method: RequestMethod.ALL },
 			{ path: 'api/auth/sign-in/(.*)', method: RequestMethod.ALL },