Multiple login pages and two primaryUserFlow - there's got to be a better way than this

[hmdegroot]

So I have a situation that doesn't seem like a crazy ask to me. I have two paths to log in. One is for the general public, one is for internal admin staff. If you go to the website and are not authenticated, you are auto directed to the general login. If you point to auth/admin (or whatever url we pick) you should be redirect to the admin login. I'm using azureb2c for both.

The problem: going to auth/admin, I need to pass a different primaryUserFlow in order to redirect the user to the correct b2c login page. Currently, I have a hack that I hate - code below. The middleware watches for the path, adds a 30 second cookie that flags the user as logging in as admin. Then when they get to the options I check the cookie value and pass the correct policy. There are a few ways this could go south for the user. I'm looking for an alternative solution but I'm pretty stumped.

FYI, using nextauth 4 & nextjs 14

//middleware.ts

export async function middleware(req: NextRequest) {
if (!req.nextUrl.pathname.includes('/auth/admin')) {
return NextResponse.next()
  }
const url = req.nextUrl.clone()
  url.pathname = '/'
const response = NextResponse.redirect(url)
  response.cookies.set('isAdminLogin', 'true', { maxAge: 30, path: '/' })
return response
}

//route.ts

import { cookies } from 'next/headers'
import NextAuth from 'next-auth'
import { getAuthOptions } from './options'
const getNextAuthOptions = (req: any, res: any) => {
const isAdminLogin = cookies().get('isAdminLogin')?.value == 'true'
const options = getAuthOptions(isAdminLogin)
return NextAuth(req, res, options)
}
export async function GET(req: any, res: any) {
return getNextAuthOptions(req, res)
}
export async function POST(req: any, res: any) {
return getNextAuthOptions(req, res)
}

//options.ts

export function getAuthOptions(isAdminLogin: boolean) {
const userFlow = isAdminLogin ? process.env.AZURE_AD_B2C_ADMIN_USER_FLOW : process.env.AZURE_AD_B2C_PRIMARY_USER_FLOW
const options: NextAuthOptions = {
providers: [
AzureADB2CProvider({
tenantId: process.env.AZURE_AD_B2C_TENANT_NAME,
clientId: process.env.AZURE_AD_B2C_CLIENT_ID as string,
clientSecret: process.env.AZURE_AD_B2C_CLIENT_SECRET as string,
primaryUserFlow: userFlow as string,
authorization: {
params: {
scope: [
'openid',
'offline_access',
process.env.AZURE_AD_SCOPE_READ as string,
process.env.AZURE_AD_SCOPE_WRITE as string,
].join(' '),
prompt: 'consent',
access_type: 'offline',
response_type: 'code',
},
},

[bundit-fa]

@hmdegroot stumped as well. how do you handle user flows like profile edit and forgot password?