stack/apps
Mantra 63d0eeefe9
fix(dashboard,backend): impersonation without logout + fix OAuth routing (#1617)
## Summary

Two fixes:

**1. Impersonation no longer requires logout** — The generated JS
snippet now clears all auth cookie variants (`hexclave-refresh-{pid}*`,
`stack-refresh-{pid}*`, access tokens) and sets the token in the
structured `hexclave-refresh-{pid}--default` format the SDK reads first.
Previously the snippet only set the legacy cookie, which was ignored
when a structured cookie already existed.

**2. Fix OAuth + other deeply nested API routes returning 404 in dev** —
Moved the API 404 handler from file-based
`api/[...notFoundPath]/route.ts` into the middleware (`proxy.tsx`). The
catch-all at the `api/` level was shadowing dynamic routes 7+ segments
deep (e.g. `auth/oauth/authorize/[provider_id]`) in Turbopack dev mode
(Next.js 16.2.7). The middleware already has `routes` + `SmartRouter`,
so it checks for a match before rewriting and returns the custom 404
directly when nothing matches.

Link to Devin session:
https://app.devin.ai/sessions/d9dcb2d203aa4a6ea36c8cdd2a4a42c2
Requested by: @mantrakp04

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
  * Updated the user impersonation dialog to explicitly state that the
    pasted console snippet will replace your current session with the
    impersonated user’s session.
* **Refactor**
  * Standardized the impersonation console snippet generation to use a
    shared token-based approach, including proper expiration handling.
* **Bug Fixes**
  * Improved reliability of the impersonation flow by failing when the
    required refresh token is unavailable, preventing incomplete snippet
    generation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: mantra <mantra@stack-auth.com>
2026-06-18 17:13:06 -07:00

| Name | Last commit | Date |
| --- | --- | --- |
| backend | [codex] Add skill context to Ask Hexclave (#1605) | 2026-06-18 11:40:02 -07:00 |
| dashboard | fix(dashboard,backend): impersonation without logout + fix OAuth routing (#1617) | 2026-06-18 17:13:06 -07:00 |
| dev-launchpad | chore: update package versions | 2026-06-17 20:31:22 +00:00 |
| e2e | User ID filter for email outbox | 2026-06-17 13:39:26 -07:00 |
| hosted-components | chore: update package versions | 2026-06-17 20:31:22 +00:00 |
| internal-tool | chore: update package versions | 2026-06-17 20:31:22 +00:00 |
| mcp | chore: update package versions | 2026-06-17 20:31:22 +00:00 |
| mock-oauth-server | chore: update package versions | 2026-06-17 20:31:22 +00:00 |
| oauth-mock-server | In-source unit tests (#429) | 2025-02-14 11:47:52 -08:00 |
| skills | fix: update AI model selection matrix and custom dashboard generation (#1615) | 2026-06-17 15:38:28 -07:00 |