feat: add GitHub and Google social auth support #81

Merged: yash-pouranik merged 12 commits into main from feat/social-auth on Apr 5, 2026
@yash-pouranik (Collaborator) commented Apr 5, 2026

  • Fix Redis key pattern to match AGENTS.md (project:auth:oauth:state:{state})
  • Fix select projection for nested clientSecret fields in getSocialProviderConfig (public-api)
  • Fix fetchGithubProfile to prefer verified primary emails first
  • Fix findOrCreateSocialUser to require emailVerified before linking by email
  • Wrap JSON.parse(rawState) in try/catch in handleSocialAuthCallback
  • Move access token to URL fragment instead of query param in callback redirect
  • Update AuthCallback.jsx to read token from URL fragment
  • Fix select projection for nested clientSecret fields in updateAuthProviders (dashboard-api)
  • Fix sanitizeAuthProviders hasClientSecret detection + update getSingleProject select
  • Update README.md to accurately document email-linking behavior
  • Fix API_URL in social-demo to read from env var
  • Update toast messages in ProjectSettings.jsx ("Project settings saved")
  • Add JSDoc to all new social auth functions to raise docstring coverage
  • Restrict siteUrl to HTTPS (or http://localhost) in Zod schema and updateProject controller
  • Append ?key=<publishableKey> to getSocialStartUrl in social-demo; support ?key= query param in verifyApiKey middleware (publishable keys only — all sk_ prefixed keys blocked from query params)
  • Update Docs.jsx Step 4 to document token delivery via URL fragment (#token=...) and rtCode exchange

Summary by CodeRabbit

New Features

  • Social Authentication: Users can now sign in via GitHub and Google OAuth, enabling passwordless authentication.
  • Social Auth Configuration: Dashboard administrators can configure GitHub and Google providers by entering Client ID and Client Secret for each.
  • Site URL Configuration: Added Site URL field to project settings, required for social auth callback handling. Restricted to HTTPS (or http://localhost for local development).
  • Auth Callback Handling: New auth callback page securely exchanges OAuth tokens and logs users in upon successful social authentication. Access token is delivered via URL fragment to avoid server log exposure.

Documentation

  • Added social auth setup guides to README, dashboard documentation, and example project documentation.
  • Updated Docs.jsx to accurately describe the token delivery mechanism (URL fragment) and the rtCode exchange flow.

Summary by CodeRabbit

  • New Features

    • GitHub & Google social OAuth: start, callback, one-time token exchange, dashboard enable/config UI, and project Site URL support with frontend callback handling
  • Tests

    • New comprehensive tests for social auth flows, exchanges, error cases, and account linking/signup
  • Documentation

    • Added Social Auth setup docs across README, docs site, examples, and demo guides
  • UX

    • Added auth callback page and dashboard UI improvements for social provider configuration
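
The siteUrl restriction, fragment-based token delivery and query-string key rule listed in this PR description, sketched as an added example. This is not code from the pull request or the project; the helper names, the `/auth/callback` path and the sample values are assumptions.

```javascript
// Added illustration. Helper names, the /auth/callback path and sample values are
// assumptions; only the rules themselves come from the PR description.

// siteUrl must be HTTPS, or plain HTTP on localhost for local development.
function isAllowedSiteUrl(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return false; // not an absolute URL
  }
  if (url.protocol === 'https:') return true;
  return url.protocol === 'http:' && url.hostname === 'localhost';
}

// Server side: put the access token in the fragment of the callback redirect.
function buildCallbackRedirect(siteUrl, accessToken) {
  if (!isAllowedSiteUrl(siteUrl)) {
    throw new Error('siteUrl must be HTTPS or http://localhost');
  }
  const url = new URL('/auth/callback', siteUrl);
  url.hash = new URLSearchParams({ token: accessToken }).toString();
  return url.toString();
}

// What the frontend's server receives (and may log) when the browser follows
// the redirect: path and query only, because browsers do not send the fragment.
function requestTarget(href) {
  const url = new URL(href);
  return url.pathname + url.search;
}

// Client side: the callback page reads the token back out of the fragment.
function readTokenFromFragment(href) {
  const fragment = new URL(href).hash.replace(/^#/, '');
  return new URLSearchParams(fragment).get('token');
}

// API key from ?key=: any sk_-prefixed key is refused in a query string.
function keyFromQuery(requestUrl) {
  const key = new URL(requestUrl, 'http://localhost').searchParams.get('key');
  return key && !key.startsWith('sk_') ? key : null;
}
```
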

4 participants