From 1badff3d76d4a7bbe4697f8d9427bd7f69667107 Mon Sep 17 00:00:00 2001
From: Matan Lurey <matan@vastspace.com>
Date: Fri, 1 May 2026 09:01:02 -0700
Subject: [PATCH] fix(next-auth): Handle /api/authh/_log as recognized action

---
 packages/core/src/lib/index.ts         | 18 ++++++++++++++++++
 packages/core/src/lib/utils/actions.ts |  1 +
 packages/core/src/types.ts             |  1 +
 packages/core/test/url-parsing.test.ts | 12 ++++++++++++
 4 files changed, 32 insertions(+)

diff --git a/packages/core/src/lib/index.ts b/packages/core/src/lib/index.ts
index 00ee0027c1..53024405dd 100644
--- a/packages/core/src/lib/index.ts
+++ b/packages/core/src/lib/index.ts
@@ -4,6 +4,7 @@ import { init } from "./init.js"
 import renderPage from "./pages/index.js"
 import * as actions from "./actions/index.js"
 import { validateCSRF } from "./actions/callback/oauth/csrf-token.js"
+import { setLogger } from "./utils/logger.js"
 
 import type { RequestInternal, ResponseInternal } from "../types.js"
 import type { AuthConfig } from "../index.js"
@@ -18,6 +19,23 @@ export async function AuthInternal(
 ): Promise<ResponseInternal> {
   const { action, providerId, error, method } = request
 
+  // Handle _log action: accept client-side debug log messages.
+  // When debug is enabled, log the message server-side; always return 200.
+  if (action === "_log") {
+    const logger = setLogger(authOptions)
+    if (request.body) {
+      const { level, code, message: msg } = request.body
+      if (level === "error") {
+        logger.debug("client_error", { code, message: msg, ...request.body })
+      } else if (level === "warn") {
+        logger.debug("client_warn", { code, message: msg, ...request.body })
+      } else {
+        logger.debug("client_log", { message: msg, ...request.body })
+      }
+    }
+    return { status: 200, body: "" }
+  }
+
   const csrfDisabled = authOptions.skipCSRFCheck === skipCSRFCheck
 
   const { options, cookies } = await init({
diff --git a/packages/core/src/lib/utils/actions.ts b/packages/core/src/lib/utils/actions.ts
index 4b84ff69eb..0db69b2a43 100644
--- a/packages/core/src/lib/utils/actions.ts
+++ b/packages/core/src/lib/utils/actions.ts
@@ -1,6 +1,7 @@
 import type { AuthAction } from "../../types.js"
 
 const actions: AuthAction[] = [
+  "_log",
   "providers",
   "session",
   "csrf",
diff --git a/packages/core/src/types.ts b/packages/core/src/types.ts
index b6653ffe04..f44f986e45 100644
--- a/packages/core/src/types.ts
+++ b/packages/core/src/types.ts
@@ -320,6 +320,7 @@ export interface PublicProvider {
  *   - **`GET`**: Returns the options for the WebAuthn authentication and registration flows.
  */
 export type AuthAction =
+  | "_log"
   | "callback"
   | "csrf"
   | "error"
diff --git a/packages/core/test/url-parsing.test.ts b/packages/core/test/url-parsing.test.ts
index d978b37fe7..bd9590cc7a 100644
--- a/packages/core/test/url-parsing.test.ts
+++ b/packages/core/test/url-parsing.test.ts
@@ -76,6 +76,18 @@ describe("parse the action and provider id", () => {
       providerId: undefined,
       basePath: "/auth",
     },
+    {
+      path: "/api/auth/_log",
+      action: "_log",
+      providerId: undefined,
+      basePath: "/api/auth",
+    },
+    {
+      path: "/auth/_log",
+      action: "_log",
+      providerId: undefined,
+      basePath: "/auth",
+    },
   ])("$path", ({ path, error, basePath, action, providerId }) => {
     if (action || providerId) {
       const parsed = parseActionAndProviderId(path, basePath)