Skip to content

[superlog] Show actionable 'wrong account' UI on invitation recipient mismatch#76

Open
superlog-app[bot] wants to merge 1 commit into
mainfrom
superlog/fix-invitation-wrong-account-ux
Open

[superlog] Show actionable 'wrong account' UI on invitation recipient mismatch#76
superlog-app[bot] wants to merge 1 commit into
mainfrom
superlog/fix-invitation-wrong-account-ux

Conversation

@superlog-app

@superlog-app superlog-app Bot commented Jun 17, 2026

Copy link
Copy Markdown

Summary

Users who click an org invitation link while signed in as a different account see a raw "You are not the recipient of the invitation" error with no recovery path. The invitation accept page was designed to show a friendly "This invite was sent to X, but you're signed in as Y" warning and prevent the Accept button, but that branch was dead code — better-auth's getInvitation endpoint throws 403 before returning any invitation data when the signed-in email doesn't match the invitation email.

The wrongAccount check (and the blocked Accept button) in AcceptInvitationInner could never be reached: invite.email is only populated on the success path, which is unreachable when emails don't match.

This patch adds a wrong-account state to LoadState and detects the specific 403 error message from better-auth. When triggered, the component shows a clear warning and a Sign out button so the user can sign in with the invited address and complete the flow. The dead wrongAccount variable and its associated disabled-button logic are removed.

An alternative approach would be to accept the invitation link URL without requiring authentication (serving a public preview of the invite), but that would require a better-auth API change or a custom server-side endpoint.

Incident on Superlog


Was this PR helpful? Leave feedback — goes straight to the Superlog team.


Summary by cubic

Fix wrong-account flow on org invitations by detecting recipient mismatches and showing a clear warning with a Sign out action instead of a raw error.

  • Bug Fixes
    • Handle 403 from better-auth getInvitation ("You are not the recipient of the invitation") via a new wrong-account load state.
    • Show a friendly message with a Sign out button and back link so users can switch accounts and accept.
    • Remove dead wrongAccount logic and userEmail prop; Accept is only disabled during in-flight actions.

Written for commit 1e9efb3. Summary will update on new commits.

Review in cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant