Phase 9: OAuth & Account Switching — Google + Authentik, multi-account · 5c651b7988 - personal-ai-assistant

Phase 9: OAuth & Account Switching — Google + Authentik, multi-account

Backend:
- OAuth service with pluggable provider architecture (Google + Authentik)
- Generic authorize/callback endpoints for any provider
- Authentik OIDC integration (configurable base URL)
- hashed_password made nullable for OAuth-only users
- Migration 009: nullable password column
- /auth/switch endpoint returns full AuthResponse for account switching
- OAuth-only users get clear error on password login attempt
- UserResponse includes oauth_provider + avatar_url

Frontend:
- OAuth buttons on login form (Google + Authentik)
- OAuth callback handler (/auth/callback route)
- Multi-account auth store (accounts array, addAccount, switchTo, removeAccount)
- Account switcher dropdown in header (hover to see other accounts)
- "Add another account" option
- English + Russian translations

Config:
- GOOGLE_CLIENT_ID/SECRET/REDIRECT_URI
- AUTHENTIK_CLIENT_ID/SECRET/BASE_URL/REDIRECT_URI

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

This commit is contained in:

Admin

2026-03-19 15:56:20 +03:00

parent d86d53f473

commit 5c651b7988

18 changed files with 436 additions and 33 deletions

									
										2

backend/pyproject.toml
									
												View File
												
				@@ -22,6 +22,8 @@ dependencies = [

				    "weasyprint>=62.0",

				    "jinja2>=3.1.0",

				    "python-json-logger>=2.0.0",

				    "authlib>=1.3.0",

				    "itsdangerous>=2.2.0",

				]

				[project.optional-dependencies]

Phase 9: OAuth & Account Switching — Google + Authentik, multi-account

2 backend/pyproject.toml Unescape Escape View File

2

backend/pyproject.toml

View File