# Phase 9: OAuth & Account Switching — Subplan

## Goal

Allow users to authenticate via Google OAuth, and switch between multiple logged-in accounts without re-entering credentials.

## Prerequisites

- Auth system with JWT tokens, User model with oauth_provider/oauth_provider_id columns
- Google Cloud OAuth 2.0 credentials

---

## Tasks

- [x] **9.1** Add `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `GOOGLE_REDIRECT_URI` to config.py + .env.example. Add `authlib` to pyproject.toml.
- [x] **9.2** Create `backend/app/services/oauth_service.py`: register Google provider, get_authorization_url, handle_callback (fetch user info, create/link user, issue tokens).
- [x] **9.3** Make `User.hashed_password` nullable (OAuth users have no password). Migration 008.
- [x] **9.4** Add OAuth endpoints to auth.py: `GET /auth/oauth/{provider}/authorize`, `GET /auth/oauth/{provider}/callback`.
- [x] **9.5** Add `POST /auth/switch` endpoint (accepts refresh token, returns full AuthResponse).
- [x] **9.6** Update schemas: add oauth_provider to UserResponse.
- [x] **9.7** Frontend: OAuth API functions, callback route component.
- [x] **9.8** Frontend: OAuth buttons on login form ("Sign in with Google").
- [x] **9.9** Frontend: extend auth-store with accounts array, switchAccount, addAccount.
- [x] **9.10** Frontend: account switcher dropdown in header.
- [x] **9.11** Update routes, i18n (en/ru).
- [x] **9.12** Tests + verification.

---

## Acceptance Criteria

1. Google OAuth login works end-to-end
2. OAuth user created with oauth_provider="google"
3. Existing email users can link to Google
4. Multiple accounts stored; switching is instant
5. OAuth-only users cannot use password login
6. All UI text in en/ru

---

## Status

**COMPLETED**
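
Task 9.3 makes `User.hashed_password` nullable and acceptance criterion 5 requires that OAuth-only users cannot use password login; the sketch below shows one way to enforce that in the password path. It is an added example, not the project's own code: the `User` dataclass, `password_login` and the standard-library PBKDF2 hasher are assumptions standing in for the project's model and password hasher.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

ITERATIONS = 600_000  # assumed work factor for this sketch


@dataclass
class User:  # hypothetical stand-in for the project's User model
    email: str
    hashed_password: Optional[str]  # None for OAuth-only users (task 9.3)
    oauth_provider: Optional[str] = None


def hash_password(password: str) -> str:
    """PBKDF2-HMAC-SHA256, stored as 'salt_hex$digest_hex'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Hash of a random value: unknown and OAuth-only accounts do the same work as
# real ones, so response time does not reveal which accounts have a password.
_DUMMY_HASH = hash_password(os.urandom(16).hex())


def password_login(user: Optional[User], password: str) -> bool:
    """True only when the user has a password and supplied the right one."""
    if user is None or user.hashed_password is None:
        verify_password(password, _DUMMY_HASH)  # result deliberately discarded
        return False
    return verify_password(password, user.hashed_password)


# Constructed sample accounts
local_user = User("alice@example.com", hash_password("correct horse"))
oauth_user = User("bob@example.com", None, oauth_provider="google")
```

The explicit `is None` check matters because a nullable column otherwise reaches the hasher as `None` and either raises or, with a careless comparison, matches an empty input.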