fix(auth): prevent login page freeze on OAuth sign-in failure

The login page froze after clicking "Continue with Authentik" because
signIn.oauth2() resolves (not rejects) on server 500, leaving the
button stuck in "Connecting..." state permanently.

- Handle the .then() case to detect error/missing redirect URL and
  reset loading state with a user-facing error message
- Log BetterAuth silent 500 responses that bypass NestJS error handling
- Enable BetterAuth error-level logger for diagnostic visibility

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/api/src/auth/auth.config.ts

@@ -254,6 +254,10 @@ export function createAuth(prisma: PrismaClient) {
       enabled: true,
     },
     plugins: [...getOidcPlugins()],
+    logger: {
+      disabled: false,
+      level: "error",
+    },
     session: {
       expiresIn: 60 * 60 * 24 * 7, // 7 days absolute max
       updateAge: 60 * 60 * 2, // 2 hours — minimum session age before BetterAuth refreshes the expiry on next request

apps/api/src/auth/auth.controller.ts

@@ -123,6 +123,14 @@ export class AuthController {
 
     try {
       await handler(req, res);
+
+      // BetterAuth writes responses directly — catch silent 500s that bypass NestJS error handling
+      if (res.statusCode >= 500) {
+        this.logger.error(
+          `BetterAuth returned ${String(res.statusCode)} for ${req.method} ${req.url} from ${clientIp}` +
+            ` — check container stdout for '# SERVER_ERROR' details`
+        );
+      }
     } catch (error: unknown) {
       const message = error instanceof Error ? error.message : String(error);
       const stack = error instanceof Error ? error.stack : undefined;