fix: resolve GitHub OAuth login failures for non-owner users #154

Open: Gbangbolaoluwagbemiga wants to merge 1 commit into Bloceducare:development from Gbangbolaoluwagbemiga:development

@Gbangbolaoluwagbemiga

Contributor

Summary

  • Fixed GitHub OAuth callback to send the raw authorization code directly to the backend (backend handles the token exchange)
  • Removed the incorrect frontend token exchange step that was causing Invalid code errors
  • Passes redirect_uri alongside the code so the backend can complete the OAuth handshake correctly

Root Cause

The previous implementation was exchanging the GitHub authorization code on the frontend first, then sending the resulting access token to the backend with key access_token. The backend expected the raw auth code in a code field and does its own exchange — sending a pre-exchanged token caused it to reject with Invalid code.

Known Backend Issues (separate tickets needed)

The following backend bugs were discovered during testing and need to be fixed on the backend side:

  1. Private emails not handled — Backend only reads email from /user API. Users with private GitHub emails get 401: Email is required. Backend needs to fall back to /user/emails endpoint.
  2. Missing name fields crash — Backend requires first_name and last_name but GitHub only provides an optional single name field. Missing values cause 500 instead of graceful fallback to the GitHub login username.
  3. Validation errors returning 500 — These should be 400 Bad Request.

Test Plan

  • Click "Login with GitHub" — redirects to GitHub authorization page without "Be careful" warning
  • Authorize on GitHub — redirects back to /auth/callback with code
  • Callback processes successfully and redirects to /hackathon dashboard
  • Tested locally with http://localhost:3000

Backend handles the GitHub code exchange itself and requires the raw
authorization code in the 'code' field, not a pre-exchanged access token.
Removed the frontend token exchange step and simplified the callback
route to pass the code directly to the backend along with the redirect_uri.
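
The three backend issues listed above (private email fallback to /user/emails, missing name fields, 400 for validation errors) can be handled in one normalization step. This is an added example, not code from this pull request or the project's backend; the function names, the JavaScript setting, the choice to accept only a primary address that GitHub marks verified, and the 400 for a missing email are assumptions.

```javascript
// Added example: constructed logic, not the project's backend code.
// Input shapes follow GitHub's REST API: GET /user and GET /user/emails.

// Use the public profile email if present; otherwise fall back to the
// primary address from /user/emails, and only if GitHub marks it verified
// (an unverified address must not be used to match an existing account).
function pickEmail(user, emails) {
  if (typeof user.email === "string" && user.email !== "") return user.email;
  const primary = (emails || []).find((e) => e.primary && e.verified);
  return primary ? primary.email : null;
}

// GitHub gives one optional "name"; split it, or fall back to the login.
function pickNames(user) {
  const name = typeof user.name === "string" ? user.name.trim() : "";
  if (name === "") return { first_name: user.login, last_name: "" };
  const parts = name.split(/\s+/);
  return { first_name: parts[0], last_name: parts.slice(1).join(" ") };
}

// Returns { status, body }: 200 with a profile, or 400 for invalid input.
// Validation problems never throw, so they cannot surface as a 500.
function normalizeGithubProfile(user, emails) {
  if (!user || typeof user.login !== "string" || user.login === "") {
    return { status: 400, body: { error: "GitHub profile is missing login" } };
  }
  const email = pickEmail(user, emails);
  if (email === null) {
    // Assumption: treated as a validation error (400) in this sketch.
    return { status: 400, body: { error: "No verified email available" } };
  }
  return { status: 200, body: { email, ...pickNames(user) } };
}

// Constructed sample responses for a user with a private email and no name.
const privateUser = { login: "octo-dev", name: null, email: null };
const privateEmails = [
  { email: "old@example.com", primary: false, verified: true },
  { email: "octo@example.com", primary: true, verified: true },
];
console.log(normalizeGithubProfile(privateUser, privateEmails));
```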
@vercel

vercel Bot commented Jun 8, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
vortexis | Ready | Preview, Comment | Jun 8, 2026 6:17pm
