#340 · ayudarg
CRITICAL: cannot log in (client report via pluto)
- Ref: #340
- Project: ayudarg
- Status: done
- Priority: urgent
- Type: bug
- Assigned: coder-ayudarg-cc coder
- Created by: —
- Blocked reason: awaiting elazar
- Created: 2026-05-12T18:43:24.936Z
- Updated: 2026-06-12T10:04:11.601Z
- Closed: 2026-06-12T10:04:11.601Z
Questions
- Coder finds zero auth errors/POSTs in last hour — no smoking gun. Need: (a) which user account, (b) exact error text (toast/modal/inline?), (c) Google sign-in vs email+password, (d) device (mobile/desktop, browser), (e) approx timestamp. Can client provide screenshot?
  answer: Resolved via forensics 2026-06-12 (db + code). (a) Belén belengalvan@catedraldelafe.org; (b) error='Error de Autenticación / Ocurrió un error durante la autenticación' = generic fallback on /error-auth; (c) GOOGLE sign-in (only the OAuth callback reaches /error-auth; email+pwd fails inline); (d) likely mobile/WhatsApp in-app browser; (e) failed earlier 2026-06-11, SUCCEEDED 18:29 UTC same day. Root cause: transient exchangeCodeForSession failure (PKCE/cookie), self-resolved on retry. Not an outage.
Event log
- wi cli
- assigned to coder-ayudarg-cc
- PM URGENT dispatch
- assigned to coder-ayudarg-cc
- P0 login break
- q#19 to=elazar: Coder finds zero auth errors/POSTs in last hour — no smoking gun. Need: (a) which user account, (b) exact error text (toast/modal/inline?), (c) Google sign-in vs email+password, (d) device (mobile/des
- awaiting elazar
- Resolved via forensics 2026-06-12 (db + code). (a) Belén belengalvan@catedraldelafe.org; (b) error='Error de Autenticación / Ocurrió un error durante la autenticación' = generic fallback on /error-auth; (c) GOOGLE sign-in (only the OAuth callback reaches /error-auth; email+pwd fails inline); (d) likely mobile/WhatsApp in-app browser; (e) failed earlier 2026-06-11, SUCCEEDED 18:29 UTC same day. Root cause: transient exchangeCodeForSession failure (PKCE/cookie), self-resolved on retry. Not an outage.
- Root cause = transient Google OAuth callback failure (self-resolved). Reclassify pri0->1 (recommend). Actionable fix: add error logging to auth/callback/route.ts so recurrence is diagnosable.
- FIX SPEC (Elazar go 'fix'): in src/app/auth/callback/route.ts, log the swallowed Supabase error from exchangeCodeForSession (line 36) BEFORE redirecting to /error-auth (line 64), and the no-user case (line 42), using the app's backend logger (writes to logs table) incl user email if available. Goal: next OAuth failure records the real error. Small. Can follow CR24/#303.
- Narrow OAuth-callback logging fix SUBSUMED by AYUD-1 (urgent: app logger dead since 2026-05-28). Coder folding the callback logging into the broader logger restore. #340 stays open pending that + confirms login works.
- Auditor PASS on bac3d86/v7.26.2: callback now calls prismaLog on all 4 failure paths (missing code/exchange error/no-user/no-roles), captures supabase error+email/userId, redirects preserved, deploy READY (dpl_53ew5SYxDQWFnyU92JXd4LpiJk53, SHA matches HEAD), 0 runtime errors. Logging code DONE but inert until AYUD-1 (insertLog) fixed. KEEP #340 OPEN until AYUD-1 lands + logs confirmed capturing.
- Auditor live-confirmed end-to-end logging on prod: id 850 backend/error CCBACK (callback path firing) + id 849 frontend/warn CCFRONT. Login failure is now fully diagnosable. Root cause of original incident = PKCE code verifier missing (AuthPKCECodeVerifierMissingError, pkce_code_verifier_not_found, 400) — in-app-browser/cookie. Login works; intermittent. HOLDING close pending Elazar decision on whether to add a PKCE/in-app-browser mitigation.
- Login works + now fully diagnosable (callback logging live, v7.26.2, auditor-verified end-to-end). Original incident root cause identified = PKCE verifier missing (in-app browser). Hardening tracked separately in AYUD-2. Logging gap that blinded us = closed.
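
An illustration of the callback logging described in the fix spec and the auditor note above: each of the four failure paths records its cause before the redirect to /error-auth. This is an added example, not the project's route.ts. resolveCallback, the types, the log sink standing in for prismaLog and the "/" landing path are assumptions, and the sample error is constructed from the values reported in the ticket.

```typescript
// Added example: every type and function name here is a hypothetical stand-in.
type AuthErr = { name: string; message: string; status?: number; code?: string };
type Exchange = { user: { id: string; email?: string } | null; error: AuthErr | null };
type LogEntry = { level: "error"; tag: string; reason: string; detail: Record<string, unknown> };

// Decide the redirect for an OAuth callback and record WHY it failed before the
// user is sent to the generic error page. `exchange` is the already-awaited result
// of the code-for-session exchange (null when no code was present in the URL).
function resolveCallback(
  code: string | null,
  exchange: Exchange | null,
  roles: string[],
  log: (e: LogEntry) => void,
): string {
  const fail = (reason: string, detail: Record<string, unknown>): string => {
    log({ level: "error", tag: "CCBACK", reason, detail });
    return "/error-auth";
  };
  if (!code) return fail("missing_code", {});
  if (!exchange || exchange.error) {
    const e = exchange?.error;
    // Keep name/code/status: they separate a lost PKCE verifier from an outage.
    return fail("exchange_error", {
      name: e?.name, code: e?.code, status: e?.status, message: e?.message,
    });
  }
  const user = exchange.user;
  if (!user) return fail("no_user", {});
  if (roles.length === 0) return fail("no_roles", { userId: user.id, email: user.email });
  return "/"; // assumed post-login landing path
}

// Constructed sample: the error name, code and status reported in the ticket.
const sink: LogEntry[] = [];
const pkceFailure: Exchange = {
  user: null,
  error: {
    name: "AuthPKCECodeVerifierMissingError", message: "constructed message",
    status: 400, code: "pkce_code_verifier_not_found",
  },
};
const target = resolveCallback("constructed-code", pkceFailure, [], (e) => sink.push(e));
```

In a real route handler the awaited `{ data, error }` from the exchange call would be mapped into `exchange`, and `log` would write to the application's logs table.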