bug: handleSignIn used wrong URL for callback url check

[leric]

Describe the bug

https://github.com/logto-io/js/blob/master/packages/next/server-actions/index.ts#L60

In this function handleSignIn, if the passed in param searchParamsOrUrl is not a instance of URL, it will construct a bad url for client.handleSignInCallbackto handle.

In the Next.js (App Router) tutorial, the sample code do pass a URLSearchParams as searchParamsOrUrl, so if your redirect url is not /callback, it will throw error callback_uri_verification.redirect_uri_mismatched

Expected behavior

Use the sample code given by Next.js (App Router) tutorial:

import { handleSignIn } from '@logto/next/server-actions';
import { redirect } from 'next/navigation';
import { NextRequest } from 'next/server';
import { logtoConfig } from '../logto';

export async function GET(request: NextRequest) {
  const searchParams = request.nextUrl.searchParams;
  await handleSignIn(logtoConfig, searchParams);

  redirect('/');
}

Should handle login callback correctly.

How to reproduce?

Set redirect URI to any url other than http://hostname/callback, e.g. http://localhost:3000/api/auth/callback
handleSignIn will check the actual redirect url agains http://hostname/callback, result in a 'callback_uri_verification.redirect_uri_mismatched' error

Environment

Logto Cloud

Screenshots

No response

[wangsijie]

Thank you for raising this issue. If your redirect URL is not /callback, you should construct and pass your own URL instance. That is why we allow passing an URL object in the first place.