Skip to content

docs(auth-web): add MISFIELD gotcha about user.id vs user.uid#688

Open
binggg wants to merge 1 commit intomainfrom
fix/auth-web-user-id-gotcha
Open

docs(auth-web): add MISFIELD gotcha about user.id vs user.uid#688
binggg wants to merge 1 commit intomainfrom
fix/auth-web-user-id-gotcha

Conversation

@binggg
Copy link
Copy Markdown
Member

@binggg binggg commented Apr 29, 2026

Problem

Agent repeatedly writes user.uid after signInWithPassword / getLoginState, but the correct field is user.id (uid is exposed via loginState.uid). This causes auth checks to fail and redirect loops in cases like cms-scaffold.

Fix

Add a MISFIELD gotcha in auth-web-cloudbase skill to explicitly warn against user.uid.

Related

  • Evaluation case: application-js-react-cloudbase-cms-scaffold
  • Attribution issue: issue_cms_scaffold_uid_1777437510250

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 82613bbef4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread config/source/skills/auth-web/SKILL.md
- Using `signInWithEmailAndPassword` or `signUpWithEmailAndPassword` for username-style accounts such as `admin` and `editor`.
- Keeping the login or register account input as `type="email"` when the task explicitly says the account identifier is a plain username string.
- Starting implementation before calling `queryAppAuth(action="getLoginConfig")` and enabling `usernamePassword` when it is still off.
- **MISFIELD: `signInWithPassword` and `register` return `data.user.id` as the uid; `getLoginState` exposes the uid via `loginState.uid`. Do NOT write `user.uid` — it does not exist on the user object.**
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use canonical signUp API name in MISFIELD note

This new warning introduces a backticked register identifier even though this skill consistently documents registration with auth.signUp(...) (and does not define an auth.register API). Because this file is used as generation guidance, presenting register as an API-like name can lead generated frontend code to call a nonexistent method and fail at runtime (auth.register is not a function) in username/password registration flows.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@binggg