From 824e1d61f5a4c507f43b4bfdaa9ec88a6adb9f10 Mon Sep 17 00:00:00 2001
From: Evan <evanpelle@gmail.com>
Date: Fri, 14 Nov 2025 16:45:22 -0800
Subject: [PATCH] update login flow (#2455)

Simplify the login flow.

## Please complete the following:

- [x] I have added screenshots for all UI updates
- [x] I process any text displayed to the user through translateText()
and I've added it to the en.json file
- [x] I have added relevant tests to the test directory
- [x] I confirm I have thoroughly tested these changes and take full
responsibility for any bugs introduced

## Please put your Discord username so you can be contacted if a bug or
regression is found:

evan
---
 src/client/jwt.ts | 33 ++++-----------------------------
 1 file changed, 4 insertions(+), 29 deletions(-)

diff --git a/src/client/jwt.ts b/src/client/jwt.ts
index f396ea691..31cef3e2a 100644
--- a/src/client/jwt.ts
+++ b/src/client/jwt.ts
@@ -32,26 +32,6 @@ export function getApiBase() {
 }
 
 function getToken(): string | null {
-  // Check window hash
-  const { hash } = window.location;
-  if (hash.startsWith("#")) {
-    const params = new URLSearchParams(hash.slice(1));
-    const token = params.get("token");
-    if (token) {
-      localStorage.setItem("token", token);
-      params.delete("token");
-      params.toString();
-    }
-    // Clean the URL
-    history.replaceState(
-      null,
-      "",
-      window.location.pathname +
-        window.location.search +
-        (params.size > 0 ? "#" + params.toString() : ""),
-    );
-  }
-
   // Check cookie
   const cookie = document.cookie
     .split(";")
@@ -83,21 +63,16 @@ export function discordLogin() {
 export async function tokenLogin(token: string): Promise<string | null> {
   const response = await fetch(
     `${getApiBase()}/login/token?login-token=${token}`,
+    {
+      credentials: "include",
+    },
   );
   if (response.status !== 200) {
     console.error("Token login failed", response);
     return null;
   }
   const json = await response.json();
-  const { jwt, email } = json;
-  const payload = decodeJwt(jwt);
-  const result = TokenPayloadSchema.safeParse(payload);
-  if (!result.success) {
-    console.error("Invalid token", result.error, result.error.message);
-    return null;
-  }
-  clearToken();
-  localStorage.setItem("token", jwt);
+  const { email } = json;
   return email;
 }