fix: when prompt none failed with no session redirect to login

[DanielRivers]

Explain your changes

When prompt none is used, this caused callback to fail when no session existed.

Checklist

• I have read the “Pull requests” section in the contributing guidelines.
• I agree to the terms within the code of conduct.

🛟 If you need help, consider asking for advice over in the Kinde community.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dc269d88-04fc-4c99-b3c0-dabb17859101

📥 Commits

Reviewing files that changed from the base of the PR and between efb186f and 8a0f947.

📒 Files selected for processing (1)

• src/handlers/callback.ts

---

Walkthrough

A redirectToLogin(routerClient) helper was added to build and invoke login redirects using config.redirectURL, config.apiPath, routes.login, and optional state. The callback handler's error paths (including login_link_expired) now use this helper to redirect to login instead of returning early.

Changes

Cohort / File(s)	Summary
Callback Handler Refactoring src/handlers/callback.ts	Added redirectToLogin(routerClient) helper that constructs the login URL (including optional state) and invokes routerClient.redirect(...). Updated callback error handling: login_link_expired and other error branches now redirect via the helper rather than returning early; simplified reauth state decoding error handling to trigger the redirect.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: fixing the callback handler to redirect to login when prompt=none encounters no session.
Description check	✅ Passed	The description clearly explains the issue and the fix, relating directly to the changeset's modification of error handling in the callback handler.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/prompt-none

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/handlers/callback.ts`:
- Around line 40-42: The reauth_state parsing currently lets atob/JSON.parse
throw, causing the callback to fail instead of redirecting; wrap the parse of
reauth_state in a try/catch inside the callback handler and, on any error, call
and return redirectToLogin(routerClient) (instead of rethrowing) so malformed
reauth_state falls back to the login redirect; update the code paths around the
reauth_state parsing point in src/handlers/callback.ts (where atob/JSON.parse is
used) to swallow parse errors and invoke redirectToLogin(routerClient).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 33765aee-873a-4bcc-9386-c3ee6a259a80

📥 Commits

Reviewing files that changed from the base of the PR and between c7018ea and efb186f.

📒 Files selected for processing (1)

• src/handlers/callback.ts