fix(auth): Fix TypeScript build errors and OAuth client types

Fixed multiple TypeScript compilation errors:
- Removed unused createAdminUser() function with undefined hashPassword call
- Added explicit type annotations for map callbacks (client, m, u parameters)
- Changed OAuth client type from "confidential" to "web" (Better Auth compliant)
- Updated seed script to check client secret presence instead of type

Profile improvements:
- Added redirect parameter support to profile page
- ProfileForm now redirects back to client app after save
- NavbarAuth shows Edit Profile button with auto-refresh on return

Build now completes successfully with all type checks passing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: mjunaidca

auth-server/scripts/seed-setup.ts

@@ -174,9 +174,9 @@ const TEST_ORG = {
  * Upsert OAuth client from trusted-clients.ts configuration
  */
 async function upsertClient(client: typeof TRUSTED_CLIENTS[0]) {
-  // Determine auth method based on client type
-  const authMethod = client.type === "confidential" ? "client_secret_basic" : "none";
+  // Determine auth method based on presence of client secret
   const clientSecret = 'clientSecret' in client ? client.clientSecret : null;
+  const authMethod = clientSecret ? "client_secret_basic" : "none";
 
   const dbClient = {
     id: `${client.clientId}-id`,
@@ -223,50 +223,10 @@ async function upsertClient(client: typeof TRUSTED_CLIENTS[0]) {
 }
 
 /**
- * Create or get admin user
+ * Note: Admin user creation is handled via Better Auth API (see createAdminViaAPI above)
+ * This ensures password hashing uses Better Auth's exact implementation.
+ * The seed script only checks for existing admin and provides API instructions if needed.
  */
-async function createAdminUser() {
-  // Check if admin user exists
-  const existingUser = await db
-    .select()
-    .from(user)
-    .where(eq(user.email, TEST_ADMIN_EMAIL));
-
-  if (existingUser.length > 0) {
-    console.log(`  ✅ Admin user exists: ${TEST_ADMIN_EMAIL}`);
-    return existingUser[0].id;
-  }
-
-  // Create admin user
-  console.log(`  ✅ Creating admin user: ${TEST_ADMIN_EMAIL}`);
-  const userId = crypto.randomUUID();
-  const hashedPassword = await hashPassword(TEST_ADMIN_PASSWORD);
-
-  await db.insert(user).values({
-    id: userId,
-    email: TEST_ADMIN_EMAIL,
-    emailVerified: true, // Skip email verification for local dev
-    name: TEST_ADMIN_NAME,
-    createdAt: new Date(),
-    updatedAt: new Date(),
-  });
-
-  // Create account with password
-  await db.insert(account).values({
-    id: crypto.randomUUID(),
-    userId: userId,
-    accountId: userId,
-    providerId: "credential",
-    password: hashedPassword,
-    createdAt: new Date(),
-    updatedAt: new Date(),
-  });
-
-  console.log(`  📧 Email: ${TEST_ADMIN_EMAIL}`);
-  console.log(`  🔑 Password: ${TEST_ADMIN_PASSWORD}`);
-
-  return userId;
-}
 
 /**
  * Seed default organization (production + dev)

auth-server/scripts/verify-test-user.ts

@@ -1,28 +1,25 @@
-import { neon } from "@neondatabase/serverless";
-import { drizzle } from "drizzle-orm/neon-http";
-import { pgTable, text, boolean } from "drizzle-orm/pg-core";
+import { db } from "../src/lib/db";
+import { user } from "../auth-schema";
 import { eq } from "drizzle-orm";
-import dotenv from "dotenv";
 
-dotenv.config({ path: ".env.local" });
+async function verifyTestUser() {
+  try {
+    const result = await db
+      .update(user)
+      .set({ emailVerified: true })
+      .where(eq(user.email, "[email protected]"))
+      .returning();
 
-const user = pgTable("user", {
-  id: text("id").primaryKey(),
-  email: text("email").notNull().unique(),
-  emailVerified: boolean("email_verified").default(false).notNull(),
-});
-
-const sql = neon(process.env.DATABASE_URL!);
-const db = drizzle(sql);
-
-async function main() {
-  const result = await db.update(user)
-    .set({ emailVerified: true })
-    .where(eq(user.email, "[email protected]"))
-    .returning({ id: user.id, email: user.email, emailVerified: user.emailVerified });
-
-  console.log("User verified:", result);
+    if (result.length > 0) {
+      console.log("✅ Email verified for [email protected]");
+      console.log("User:", result[0]);
+    } else {
+      console.log("❌ User not found");
+    }
+  } catch (error) {
+    console.error("Error:", error);
+  }
   process.exit(0);
 }
 
-main().catch(console.error);
+verifyTestUser();

auth-server/src/app/account/profile/ProfileForm.tsx

@@ -1,10 +1,14 @@
 "use client";
 
 import { useState } from "react";
-import { useRouter } from "next/navigation";
 
-export default function ProfileForm({ user }: { user: any }) {
-  const router = useRouter();
+export default function ProfileForm({
+  user,
+  redirectUrl
+}: {
+  user: any;
+  redirectUrl: string | null;
+}) {
   const [loading, setLoading] = useState(false);
   const [formData, setFormData] = useState({
     // OIDC Standard Claims (editable)
@@ -33,8 +37,13 @@ export default function ProfileForm({ user }: { user: any }) {
       });
 
       if (response.ok) {
-        // Refresh the page to get updated session data
-        window.location.reload();
+        if (redirectUrl) {
+          // Redirect back to client app
+          window.location.href = redirectUrl;
+        } else {
+          // No redirect URL, just reload current page
+          window.location.reload();
+        }
       } else {
         const error = await response.json();
         alert(`Error: ${error.message}`);

auth-server/src/app/account/profile/page.tsx

@@ -3,7 +3,11 @@ import { headers } from "next/headers";
 import { redirect } from "next/navigation";
 import ProfileForm from "./ProfileForm";
 
-export default async function ProfilePage() {
+export default async function ProfilePage({
+  searchParams,
+}: {
+  searchParams: Promise<{ redirect?: string }>;
+}) {
   const session = await auth.api.getSession({
     headers: await headers(),
   });
@@ -12,10 +16,13 @@ export default async function ProfilePage() {
     redirect("/auth/sign-in");
   }
 
+  const params = await searchParams;
+  const redirectUrl = params.redirect || null;
+
   return (
     <div className="max-w-2xl mx-auto p-6">
       <h1 className="text-2xl font-bold mb-6">Profile Settings</h1>
-      <ProfileForm user={session.user} />
+      <ProfileForm user={session.user} redirectUrl={redirectUrl} />
     </div>
   );
 }

auth-server/src/app/api/admin/clients/route.ts

@@ -40,7 +40,7 @@ export async function GET() {
     }).from(oauthApplication);
 
     // Parse redirectUrls and metadata - handle both JSON strings and plain strings
-    const parsedClients = clients.map(client => {
+    const parsedClients = clients.map((client: typeof clients[number]) => {
       let redirectUrls: string[] = [];
       let metadata: Record<string, unknown> = {};
 
@@ -52,7 +52,7 @@ export async function GET() {
         } catch {
           // Not JSON, treat as single URL or comma-separated
           redirectUrls = client.redirectUrls.includes(',')
-            ? client.redirectUrls.split(',').map(u => u.trim())
+            ? client.redirectUrls.split(',').map((u: string) => u.trim())
             : [client.redirectUrls];
         }
       }

auth-server/src/app/api/profile/route.ts

@@ -43,7 +43,7 @@ export async function GET() {
       .from(member)
       .where(eq(member.userId, session.user.id));
 
-    const organizationIds = memberships.map((m) => m.organizationId);
+    const organizationIds = memberships.map((m: typeof memberships[number]) => m.organizationId);
 
     // Return flattened structure with organizationIds (expected by tests)
     return NextResponse.json({

auth-server/src/lib/auth.ts

@@ -498,7 +498,7 @@ export const auth = betterAuth({
           .where(eq(member.userId, user.id));
 
         // Get all organization IDs the user belongs to
-        const organizationIds = memberships.map((m) => m.organizationId);
+        const organizationIds = memberships.map((m: typeof memberships[number]) => m.organizationId);
 
         // Primary tenant is the first organization (can be extended to support active org)
         const primaryTenantId = organizationIds[0] || null;

auth-server/src/lib/trusted-clients.ts

@@ -73,7 +73,7 @@ export const TRUSTED_CLIENTS = [
   {
     clientId: "robolearn-confidential-client",
     name: "RoboLearn Backend Service (Test)",
-    type: "confidential" as const,
+    type: "web" as const, // "web" type for server-side confidential clients with secrets
     clientSecret: "robolearn-confidential-secret-for-testing-only",
     redirectUrls: getRedirectUrls([
       "http://localhost:8000/auth/callback",

robolearn-interface/.mcp.json

@@ -0,0 +1,8 @@
+{
+  "mcpServers": {
+    "shadcn": {
+      "type": "http",
+      "url": "https://www.shadcn.io/api/mcp"
+    }
+  }
+}

robolearn-interface/src/components/NavbarAuth/index.tsx

@@ -6,7 +6,7 @@ import useDocusaurusContext from '@docusaurus/useDocusaurusContext';
 import styles from './styles.module.css';
 
 export function NavbarAuth() {
-  const { session, isLoading, signOut } = useAuth();
+  const { session, isLoading, signOut, refreshUserData } = useAuth();
   const { siteConfig } = useDocusaurusContext();
   const authUrl = (siteConfig.customFields?.authUrl as string) || 'http://localhost:3001';
   const oauthClientId = (siteConfig.customFields?.oauthClientId as string) || 'robolearn-interface';
@@ -63,6 +63,26 @@ export function NavbarAuth() {
     return email ? email[0].toUpperCase() : '?';
   };
 
+  // Handle Edit Profile - open auth server profile page
+  const handleEditProfile = () => {
+    const currentUrl = typeof window !== 'undefined' ? window.location.href : '';
+    const profileUrl = `${authUrl}/account/profile?redirect=${encodeURIComponent(currentUrl)}`;
+
+    // Store a flag so we know to refresh data when user returns
+    localStorage.setItem('robolearn_refresh_on_return', 'true');
+
+    window.location.href = profileUrl;
+  };
+
+  // Refresh data if user just returned from profile editing
+  useEffect(() => {
+    const shouldRefresh = localStorage.getItem('robolearn_refresh_on_return');
+    if (shouldRefresh === 'true' && session?.user) {
+      localStorage.removeItem('robolearn_refresh_on_return');
+      refreshUserData();
+    }
+  }, [session]);
+
   if (isLoading) {
     return (
       <div className={styles.authContainer}>
@@ -139,6 +159,12 @@ export function NavbarAuth() {
             )}
 
             <div className={styles.dropdownDivider} />
+            <button onClick={handleEditProfile} className={styles.dropdownItem}>
+              <svg width="16" height="16" viewBox="0 0 16 16" fill="none">
+                <path d="M11.3333 2.00004C11.5084 1.82494 11.716 1.68605 11.9441 1.59129C12.1722 1.49653 12.4165 1.44775 12.6633 1.44775C12.9101 1.44775 13.1544 1.49653 13.3825 1.59129C13.6106 1.68605 13.8183 1.82494 13.9933 2.00004C14.1684 2.17513 14.3073 2.38283 14.4021 2.61091C14.4968 2.83899 14.5456 3.08333 14.5456 3.33004C14.5456 3.57675 14.4968 3.82109 14.4021 4.04917C14.3073 4.27725 14.1684 4.48495 13.9933 4.66004L5.33333 13.32L2 14L2.68 10.6667L11.3333 2.00004Z" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round"/>
+              </svg>
+              Edit Profile
+            </button>
             <button onClick={() => signOut()} className={styles.dropdownItem}>
               <svg width="16" height="16" viewBox="0 0 16 16" fill="none">
                 <path d="M6 14H3.33333C2.97971 14 2.64057 13.8595 2.39052 13.6095C2.14048 13.3594 2 13.0203 2 12.6667V3.33333C2 2.97971 2.14048 2.64057 2.39052 2.39052C2.64057 2.14048 2.97971 2 3.33333 2H6" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round"/>