feat: update authentication flow and environment configuration

- Update sign-in and sign-up forms to provide more specific error messages for user feedback.
- Add BASE_URL environment variable for better handling of deployment paths in Docusaurus.
- Refactor URL handling in auth-client and callback components to auto-detect base paths.
- Introduce utility functions for managing base URL detection and redirect URI generation.
- Update .env.example to include new environment variable documentation.

These changes improve user experience during authentication and streamline deployment configurations.

Author: mjunaidca

.github/workflows/deploy.yml

@@ -52,6 +52,7 @@ jobs:
           # These are read by docusaurus.config.ts via process.env
           AUTH_URL: ${{ secrets.AUTH_URL }}
           OAUTH_CLIENT_ID: ${{ secrets.OAUTH_CLIENT_ID }}
+          BASE_URL: ${{ secrets.BASE_URL }}
           # Optional: Add other env vars if needed
           # GA4_MEASUREMENT_ID: ${{ secrets.GA4_MEASUREMENT_ID }}
         run: npm run build

.gitignore

@@ -15,7 +15,7 @@ node_modules/
 .env.development.local
 .env.test.local
 .env.production.local
-
+.env.prod
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
@@ -39,4 +39,4 @@ build/
 .coverage
 htmlcov/
 .mypy_cache/
-.ruff_cache/
+.ruff_cache/

auth-server/README.md

@@ -39,7 +39,7 @@ INSERT INTO oauth_application (
   'robolearn-public-client',
   NULL, -- No secret for public client (PKCE only)
   'RoboLearn Public Client',
-  'http://localhost:3000/auth/callback,https://robolearn.github.io/auth/callback', -- Comma-separated: dev + prod URLs
+  'http://localhost:3000/auth/callback,http://localhost:3000/robolearn/auth/callback,https://mjunaidca.github.io/robolearn/auth/callback', -- Comma-separated: dev (both variants) + prod URLs
   'public',
   false,
   '{"token_endpoint_auth_method":"none","grant_types":["authorization_code","refresh_token"]}',

auth-server/src/components/sign-in-form.tsx

@@ -63,16 +63,28 @@ export function SignInForm() {
       });
 
       if (result.error) {
-        // Check if email needs verification (403 status)
-        if (result.error.status === 403 || result.error.message?.includes("verify")) {
+        // Log error for debugging (remove in production if needed)
+        console.error("[SignIn] Error:", result.error.status, result.error.message);
+        
+        // Check if email needs verification (403 status or message contains verify)
+        if (result.error.status === 403 || result.error.message?.toLowerCase().includes("verify") || result.error.message?.toLowerCase().includes("verification") || result.error.message?.toLowerCase().includes("not verified")) {
           setErrors({
-            general: "Please verify your email address before signing in.",
+            general: "Please verify your email address before signing in. Check your inbox for the verification email.",
             needsVerification: true,
           });
+        } else if (result.error.message?.toLowerCase().includes("password") || result.error.message?.toLowerCase().includes("incorrect") || result.error.message?.toLowerCase().includes("invalid password")) {
+          // Wrong password
+          setErrors({ general: "Invalid password. Please check your password and try again." });
+        } else if (result.error.message?.toLowerCase().includes("not found") || result.error.message?.toLowerCase().includes("does not exist") || result.error.message?.toLowerCase().includes("no account")) {
+          // Email not found
+          setErrors({ general: "No account found with this email. Please sign up first." });
         } else {
           // Generic error message for security (don't reveal which field is wrong)
-          setErrors({ general: "Invalid credentials. Please check your email and password." });
+          // But show the actual error message if it's helpful
+          const errorMsg = result.error.message || "Invalid credentials. Please check your email and password.";
+          setErrors({ general: errorMsg });
         }
+        setIsLoading(false);
         return;
       }
 

auth-server/src/components/sign-up-form.tsx

@@ -99,11 +99,15 @@ export function SignUpForm() {
       });
 
       if (result.error) {
-        if (result.error.message?.includes("already exists")) {
-          setErrors({ email: "This email is already registered. Try signing in instead." });
+        if (result.error.message?.includes("already exists") || result.error.message?.includes("already registered")) {
+          setErrors({ 
+            email: "This email is already registered. Try signing in instead.",
+            general: "An account with this email already exists. Please sign in instead."
+          });
         } else {
           setErrors({ general: result.error.message || "Registration failed. Please try again." });
         }
+        setIsLoading(false);
         return;
       }
 

robolearn-interface/.env.example

@@ -1,13 +1,20 @@
-# Auth server URL
-AUTH_URL=http://localhost:3001
-
-# OAuth client ID
-# Use the pre-configured public client (PKCE, no secret needed):
-OAUTH_CLIENT_ID=robolearn-public-client
-# Or register a custom client in the admin panel (/admin/clients)
-
-# Site URL (for OAuth redirects, auto-detected in dev)
-# SITE_URL=https://your-domain.com
-
-# Google Analytics (optional)
-# GA4_MEASUREMENT_ID=G-XXXXXXXXXX
+# Docusaurus Configuration
+# Copy this file to .env and update with your values
+
+# Base URL for the site
+# For local development, use "/" (default)
+# For GitHub Pages deployment, use "/robolearn/"
+BASE_URL=/
+
+# Auth Server Configuration
+# URL of the authentication server for login/signup redirects
+AUTH_URL=http://localhost:3001
+
+# OAuth Client ID
+# Pre-configured trusted client (PKCE + JWKS)
+# This should match the trustedClients[0].clientId in auth-server
+OAUTH_CLIENT_ID=robolearn-public-client
+
+# Google Analytics 4 (Optional)
+# Uncomment and set your GA4 Measurement ID to enable analytics
+# GA4_MEASUREMENT_ID=G-XXXXXXXXXX

robolearn-interface/docusaurus.config.ts

@@ -16,6 +16,9 @@ const OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID || "robolearn-public-client"
 
 // This runs in Node.js - Don't use client-side code here (browser APIs, JSX...)
 
+// Base URL configuration - defaults to "/" for local development
+const BASE_URL = process.env.BASE_URL || "/";
+
 const config: Config = {
   title: "RoboLearn",
   tagline:
@@ -37,7 +40,9 @@ const config: Config = {
   url: "https://mjunaidca.github.io",
   // Set the /<baseUrl>/ pathname under which your site is served
   // For GitHub pages deployment, it is often '/<projectName>/'
-  baseUrl: "/robolearn/",
+  // For local development, use '/' (default)
+  // For production/GitHub Pages, set BASE_URL=/robolearn/ in environment
+  baseUrl: BASE_URL,
 
   // Sitemap is configured via the classic preset's sitemap option below
 
@@ -302,7 +307,7 @@ const config: Config = {
         {
           type: "custom-navbarAuth",
           position: "right",
-          value: '<a href="/robolearn/docs/preface-agent-native" class="navbar__cta-button">Start Free</a>',
+          value: `<a href="${BASE_URL}docs/preface-agent-native" class="navbar__cta-button">Start Free</a>`,
         },
       ],
     },

robolearn-interface/src/contexts/AuthContext.tsx

@@ -1,6 +1,7 @@
 import React, { createContext, useContext, useEffect, useState, ReactNode } from 'react';
 import { refreshAccessToken } from '../lib/auth-client';
 import { verifyIDToken, extractUserFromToken } from '../lib/jwt-verifier';
+import { getHomeUrl } from '../lib/url-utils';
 
 interface User {
   id: string;
@@ -153,14 +154,18 @@ export function AuthProvider({ children, authUrl, oauthClientId }: AuthProviderP
     // Clear session state
     setSession(null);
 
+    // Get home URL - auto-detects base path from current URL
+    const homeUrl = getHomeUrl();
+
     if (global) {
       // Global logout: redirect to auth server to end session there too
       // This logs user out from all apps using this auth server
-      window.location.href = `${effectiveAuthUrl}/api/auth/sign-out?redirectTo=${encodeURIComponent(window.location.origin)}`;
+      const redirectTo = typeof window !== 'undefined' ? `${window.location.origin}${homeUrl}` : homeUrl;
+      window.location.href = `${effectiveAuthUrl}/api/auth/sign-out?redirectTo=${encodeURIComponent(redirectTo)}`;
     } else {
       // Local logout: just redirect to home
       // User stays logged in at auth server (SSO pattern)
-      window.location.href = '/';
+      window.location.href = homeUrl;
     }
   };
 

robolearn-interface/src/lib/auth-client.ts

@@ -1,4 +1,5 @@
 import { createAuthClient } from "better-auth/react";
+import { getRedirectUri } from "./url-utils";
 
 // Default fallbacks for development
 const DEFAULT_AUTH_URL = "http://localhost:3001";
@@ -44,16 +45,17 @@ export interface OAuthConfig {
   authUrl?: string;
   clientId?: string;
   redirectUri?: string;
+  // baseUrl removed - we detect it automatically from current URL
 }
 
 // OAuth2 Authorization URL builder with PKCE
 // Config should be passed from component using useDocusaurusContext
 export async function getOAuthAuthorizationUrl(state?: string, config?: OAuthConfig): Promise<string> {
   const authUrl = config?.authUrl || DEFAULT_AUTH_URL;
   const clientId = config?.clientId || DEFAULT_CLIENT_ID;
-  const redirectUri = config?.redirectUri || (typeof window !== 'undefined'
-    ? `${window.location.origin}/auth/callback`
-    : "http://localhost:3000/auth/callback");
+  
+  // Generate redirect URI - use provided one, or auto-detect from current URL
+  const redirectUri = config?.redirectUri || getRedirectUri();
 
   // Generate PKCE code verifier and challenge
   const codeVerifier = generateCodeVerifier();

robolearn-interface/src/lib/url-utils.ts

@@ -0,0 +1,60 @@
+/**
+ * URL utilities for handling baseUrl in Docusaurus deployments
+ * Works for dev, GitHub Pages, and custom domains
+ * 
+ * Simple approach: Detect the base path from the current URL
+ * No hardcoding - just use whatever path the user is currently on
+ */
+
+/**
+ * Detects the base path from the current URL
+ * 
+ * Docusaurus respects baseUrl even in dev mode.
+ * If baseUrl is "/robolearn/", you access the site at http://localhost:3000/robolearn/
+ * 
+ * So we detect the base path from the current URL pathname.
+ */
+function detectBasePath(): string {
+  if (typeof window === 'undefined') return '';
+  
+  const pathname = window.location.pathname;
+  
+  // Extract the first path segment (e.g., /robolearn/docs -> /robolearn)
+  const match = pathname.match(/^\/([^/]+)/);
+  
+  if (match) {
+    const firstSegment = match[1];
+    // If first segment is a known app/content path, we're at root
+    // These are Docusaurus routes that don't indicate a baseUrl
+    // Add custom routes like 'labs', 'chat' to this list
+    if (['auth', 'api', 'docs', 'blog', 'search', 'labs', 'chat'].includes(firstSegment)) {
+      return '';
+    }
+    // Otherwise, we're in a subpath (e.g., /robolearn/)
+    return `/${firstSegment}`;
+  }
+  
+  return ''; // Root (pathname is just "/")
+}
+
+/**
+ * Gets the home URL (with baseUrl if applicable)
+ */
+export function getHomeUrl(): string {
+  const basePath = detectBasePath();
+  return basePath ? `${basePath}/` : '/';
+}
+
+/**
+ * Constructs a redirect URI for OAuth callback
+ * Uses the detected base path from current URL - no hardcoding needed
+ */
+export function getRedirectUri(): string {
+  if (typeof window === 'undefined') {
+    return 'http://localhost:3000/auth/callback';
+  }
+  
+  const basePath = detectBasePath();
+  return `${window.location.origin}${basePath}/auth/callback`;
+}
+