From 4201b31a241920eec26dc02831294bcce7db550c Mon Sep 17 00:00:00 2001
From: Jerome <jerome@anthropic.com>
Date: Fri, 21 Feb 2025 14:28:11 +0000
Subject: [PATCH 1/2] Fix OAuth callback route in production builds

Add SPA routing configuration to serve-handler to ensure /oauth/callback
routes are correctly handled in production builds.
---
 client/bin/cli.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/client/bin/cli.js b/client/bin/cli.js
index ae4967f..7dc93ea 100755
--- a/client/bin/cli.js
+++ b/client/bin/cli.js
@@ -9,7 +9,10 @@ const __dirname = dirname(fileURLToPath(import.meta.url));
 const distPath = join(__dirname, "../dist");
 
 const server = http.createServer((request, response) => {
-  return handler(request, response, { public: distPath });
+  return handler(request, response, {
+    public: distPath,
+    rewrites: [{ source: "/**", destination: "/index.html" }],
+  });
 });
 
 const port = process.env.PORT || 5173;

From c3ece186a4b26d60d1697fe2cb5520a3517bea9c Mon Sep 17 00:00:00 2001
From: Jerome <jerome@anthropic.com>
Date: Fri, 21 Feb 2025 14:51:47 +0000
Subject: [PATCH 2/2] Using urlencoded params for refresh/auth tokens

---
 client/src/lib/auth.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/client/src/lib/auth.ts b/client/src/lib/auth.ts
index 592dc17..b67f21d 100644
--- a/client/src/lib/auth.ts
+++ b/client/src/lib/auth.ts
@@ -86,9 +86,9 @@ export async function handleOAuthCallback(
   const response = await fetch(metadata.token_endpoint, {
     method: "POST",
     headers: {
-      "Content-Type": "application/json",
+      "Content-Type": "application/x-www-form-urlencoded",
     },
-    body: JSON.stringify({
+    body: new URLSearchParams({
       grant_type: "authorization_code",
       code,
       code_verifier: codeVerifier,
@@ -117,9 +117,9 @@ export async function refreshAccessToken(
   const response = await fetch(metadata.token_endpoint, {
     method: "POST",
     headers: {
-      "Content-Type": "application/json",
+      "Content-Type": "application/x-www-form-urlencoded",
     },
-    body: JSON.stringify({
+    body: new URLSearchParams({
       grant_type: "refresh_token",
       refresh_token: refreshToken,
     }),