Phase 9: OAuth & Account Switching — Google + Authentik, multi-account
Backend: - OAuth service with pluggable provider architecture (Google + Authentik) - Generic authorize/callback endpoints for any provider - Authentik OIDC integration (configurable base URL) - hashed_password made nullable for OAuth-only users - Migration 009: nullable password column - /auth/switch endpoint returns full AuthResponse for account switching - OAuth-only users get clear error on password login attempt - UserResponse includes oauth_provider + avatar_url Frontend: - OAuth buttons on login form (Google + Authentik) - OAuth callback handler (/auth/callback route) - Multi-account auth store (accounts array, addAccount, switchTo, removeAccount) - Account switcher dropdown in header (hover to see other accounts) - "Add another account" option - English + Russian translations Config: - GOOGLE_CLIENT_ID/SECRET/REDIRECT_URI - AUTHENTIK_CLIENT_ID/SECRET/BASE_URL/REDIRECT_URI Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -252,10 +252,10 @@ Daily scheduled job (APScheduler, 8 AM) reviews each user's memory + recent docs
|
||||
- Summary: Admin-managed Jinja2 PDF templates in DB with locale support (en/ru), template selector for users/AI, live preview editor, basic + medical seed templates
|
||||
|
||||
### Phase 9: OAuth & Account Switching
|
||||
- **Status**: NOT STARTED
|
||||
- [ ] Subplan created (`plans/phase-9-oauth.md`)
|
||||
- [ ] Phase completed
|
||||
- Summary: OAuth (Google, GitHub), account switching UI, multiple stored sessions
|
||||
- **Status**: COMPLETED
|
||||
- [x] Subplan created (`plans/phase-9-oauth.md`)
|
||||
- [x] Phase completed
|
||||
- Summary: OAuth (Google + Authentik), account switching UI, multi-account store
|
||||
|
||||
### Phase 10: Per-User Rate Limits
|
||||
- **Status**: COMPLETED
|
||||
|
||||
Reference in New Issue
Block a user