fix(auth): update comments in AuthCallback and API client for clarity on token handling and refresh process

2026-01-23 10:45:52 +01:00
parent 4c7dc51db3
commit 3ca0bbd921
2 changed files with 3 additions and 2 deletions
--- a/app/auth/callback/page.tsx
+++ b/app/auth/callback/page.tsx
@@ -19,7 +19,8 @@ function AuthCallbackContent() {
    if (processedRef.current) return
    
    // * Check for direct token passing (from auth-frontend direct login)
-    // * TODO: This flow exposes tokens in URL, should be deprecated in favor of Authorization Code flow
+    // * This flow exposes tokens in URL, kept for legacy support.
+    // * Recommended: Use Authorization Code flow (below)
    const token = searchParams.get('token')
    const refreshToken = searchParams.get('refresh_token')
    
--- a/lib/api/client.ts
+++ b/lib/api/client.ts
@@ -99,7 +99,7 @@ async function apiRequest<T>(
          isRefreshing = true

          try {
-            // * Call our internal Next.js API route to handle refresh securely
+            // * Call our Next.js API route to handle refresh securely
            const refreshRes = await fetch('/api/auth/refresh', {
              method: 'POST',
              headers: { 'Content-Type': 'application/json' },