From b6aecd7d89ddc1998de02d17c160c986d26bf856 Mon Sep 17 00:00:00 2001
From: Will Anderson
Date: Tue, 12 May 2026 14:32:39 -0500
Subject: [PATCH] Fix magic-link sign-in: implicit flow + redirect to /account
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
account-auth.el was using flowType:'pkce' while account-dashboard.el uses 'implicit'. After the OTP redirect, the dashboard's implicit client couldn't exchange the PKCE code — so the sign-in silently failed. Fix: match implicit flow across both clients. Also adds emailRedirectTo so the link lands on /account instead of the site root.
---
 src/js/account-auth.el | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/js/account-auth.el b/src/js/account-auth.el
index d777e1e..20ec22d 100644
--- a/src/js/account-auth.el
+++ b/src/js/account-auth.el
@@ -11,7 +11,7 @@ fn main() -> Void {
 'use strict';
 var cfg = window.NEURON_CFG || {};
 var sb = supabase.createClient(cfg.supabase_url, cfg.supabase_anon_key, {
- auth: { flowType: 'pkce' }
+ auth: { flowType: 'implicit' }
 });
 window.sendMagicLink = async function() {
@@ -25,7 +25,10 @@ fn main() -> Void {
 return;
 }
 if (btn) { btn.disabled = true; btn.textContent = 'Sending...'; }
- var result = await sb.auth.signInWithOtp({ email: email });
+ var result = await sb.auth.signInWithOtp({
+ email: email,
+ options: { emailRedirectTo: window.location.origin + '/account' }
+ });
 if (btn) { btn.disabled = false; btn.textContent = 'Continue with email'; }
 msgEl.style.display = 'block';
 if (result.error) {
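Review bot: Setting `flowType: 'implicit'` in the `createClient` options means the session tokens come back in the URL fragment of the magic-link redirect instead of as a one-time code tied to a verifier held by the initiating browser, so the mismatch is resolved by moving both clients to the weaker flow. If the dashboard client can be changed, aligning both files on `'pkce'` should fix the same failure; account-dashboard.el is not part of this patch, so treat that as an option to evaluate rather than a known drop-in. If implicit has to stay, record the coupling next to the option, e.g. `// must match flowType in account-dashboard.el; implicit returns tokens in the URL fragment`, and confirm the /account page clears the fragment once the session is stored. The enclosing `main` block starts and ends outside the hunk.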
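Review bot: The `emailRedirectTo` value built from `window.location.origin + '/account'` only takes effect if that exact URL is accepted by the project's Auth redirect allow-list; as far as I know Supabase otherwise falls back to the configured Site URL, so the link would land on the site root again with nothing reported in `result.error`. Because the implicit flow puts tokens on whichever URL is accepted, keep that allow-list to exact entries rather than broad wildcards, and make sure it covers every origin this page is served from. A comment at the call would help the next reader: `// origin + '/account' must be in the Supabase redirect allow-list, else the link falls back to the Site URL`. `sendMagicLink` begins before the hunk and continues past it.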