From 857ec7d4d465c528eea4433af01d05aff9b25a91 Mon Sep 17 00:00:00 2001 From: Jiayuan Zhang Date: Wed, 8 Apr 2026 10:22:19 +0800 Subject: [PATCH] fix(auth): persist browser session during CLI login flow When authenticating via CLI, the login page called api.verifyCode() directly and redirected to the CLI callback without saving the JWT to localStorage or setting the logged-in cookie. This meant the browser had no session after CLI login, forcing users to log in again when visiting multica.ai. Now the token is saved to localStorage and the cookie is set before redirecting to the CLI callback, so both CLI and web app share the same authentication. Co-Authored-By: Claude Opus 4.6 (1M context) --- apps/web/app/(auth)/login/page.tsx | 6 +++++- apps/web/features/auth/index.ts | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/apps/web/app/(auth)/login/page.tsx b/apps/web/app/(auth)/login/page.tsx index 34194933..f82532ca 100644 --- a/apps/web/app/(auth)/login/page.tsx +++ b/apps/web/app/(auth)/login/page.tsx @@ -2,7 +2,7 @@ import { Suspense, useState, useEffect, useCallback } from "react"; import { useSearchParams, useRouter } from "next/navigation"; -import { useAuthStore } from "@/features/auth"; +import { useAuthStore, setLoggedInCookie } from "@/features/auth"; import { useWorkspaceStore } from "@/features/workspace"; import { api } from "@/shared/api"; import { @@ -146,6 +146,10 @@ function LoginPageContent() { return; } const { token } = await api.verifyCode(email, value); + // Persist session in the browser so the web app stays logged in + localStorage.setItem("multica_token", token); + api.setToken(token); + setLoggedInCookie(); const cliState = searchParams.get("cli_state") || ""; redirectToCliCallback(cliCallback, token, cliState); return; diff --git a/apps/web/features/auth/index.ts b/apps/web/features/auth/index.ts index e0458c48..8122213a 100644 --- a/apps/web/features/auth/index.ts +++ b/apps/web/features/auth/index.ts @@ -1,2 +1,3 @@ export { useAuthStore } from "./store"; export { AuthInitializer } from "./initializer"; +export { setLoggedInCookie } from "./auth-cookie";