Auth Routes
The auth route group handles login, signup, and Supabase callback exchange while keeping auth state and guards in shared auth infrastructure.
On this page
Route structure
| Path | Purpose | Owner |
|---|---|---|
| src/app/(auth)/layout.tsx | Auth-only layout and authenticated redirect handling. | src/app/(auth)/_components |
| src/app/(auth)/login/page.tsx | Sign-in page. | src/app/(auth)/_components/auth-form.tsx |
| src/app/(auth)/signup/page.tsx | Sign-up page. | src/app/(auth)/_components/auth-form.tsx |
| src/app/(auth)/auth/callback/route.ts | Supabase callback exchange and redirect. | src/lib/auth/callback-flow.ts |
| src/app/(auth)/_components | Auth form and split-layout presentation. | Auth route-private UI |
Session flow
Supabase manages sessions with cookies. The callback route exchanges the provider code, then redirects through the auth callback flow.
Split layout
Auth pages use route-private presentation and branding values without mixing dashboard code into public auth pages.
Redirect logic
Authenticated users are redirected away from auth pages and protected dashboard routes use server-side guards.
Auth modification rules
- Keep auth route handlers thin and delegate callback behavior to lib/auth.
- Do not expose service-role credentials to browser auth code.
- Test login, OAuth callback, logout, and protected-route redirects after auth changes.
- Verify Supabase redirect URLs whenever the deployment domain changes.