Fix invitation flow by allowing unauthenticated tRPC requests

The middleware was blocking /api/trpc requests for unauthenticated users, which prevented the accept-invite page from calling the public validateInviteToken procedure. tRPC handles its own authentication via procedure middleware, so the NextAuth middleware should allow all tRPC requests through. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 00:26:05 +01:00 · 2026-02-04 00:26:05 +01:00 · 0f956cf23f
parent b0189cad92
commit 0f956cf23f
1 changed files with 1 additions and 0 deletions
--- a/src/lib/auth.config.ts
+++ b/src/lib/auth.config.ts
@ -45,6 +45,7 @@ export const authConfig: NextAuthConfig = {
        '/accept-invite',
        '/apply',
        '/api/auth',
+        '/api/trpc', // tRPC handles its own auth via procedures
      ]

      // Check if it's a public path