personal-ai-assistant/plans/phase-9-oauth.md
dolgolyov.alexei 5c651b7988 Phase 9: OAuth & Account Switching — Google + Authentik, multi-account
Backend:
- OAuth service with pluggable provider architecture (Google + Authentik)
- Generic authorize/callback endpoints for any provider
- Authentik OIDC integration (configurable base URL)
- hashed_password made nullable for OAuth-only users
- Migration 009: nullable password column
- /auth/switch endpoint returns full AuthResponse for account switching
- OAuth-only users get clear error on password login attempt
- UserResponse includes oauth_provider + avatar_url

Frontend:
- OAuth buttons on login form (Google + Authentik)
- OAuth callback handler (/auth/callback route)
- Multi-account auth store (accounts array, addAccount, switchTo, removeAccount)
- Account switcher dropdown in header (hover to see other accounts)
- "Add another account" option
- English + Russian translations

Config:
- GOOGLE_CLIENT_ID/SECRET/REDIRECT_URI
- AUTHENTIK_CLIENT_ID/SECRET/BASE_URL/REDIRECT_URI

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 15:56:20 +03:00

Phase 9: OAuth & Account Switching — Subplan

Goal

Allow users to authenticate via Google OAuth, and switch between multiple logged-in accounts without re-entering credentials.

Prerequisites

  • Auth system with JWT tokens, User model with oauth_provider/oauth_provider_id columns
  • Google Cloud OAuth 2.0 credentials

Tasks

  • 9.1 Add GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REDIRECT_URI to config.py + .env.example. Add authlib to pyproject.toml.
  • 9.2 Create backend/app/services/oauth_service.py: register Google provider, get_authorization_url, handle_callback (fetch user info, create/link user, issue tokens).
  • 9.3 Make User.hashed_password nullable (OAuth users have no password). Migration 008.
  • 9.4 Add OAuth endpoints to auth.py: GET /auth/oauth/{provider}/authorize, GET /auth/oauth/{provider}/callback.
  • 9.5 Add POST /auth/switch endpoint (accepts refresh token, returns full AuthResponse).
  • 9.6 Update schemas: add oauth_provider to UserResponse.
  • 9.7 Frontend: OAuth API functions, callback route component.
  • 9.8 Frontend: OAuth buttons on login form ("Sign in with Google").
  • 9.9 Frontend: extend auth-store with accounts array, switchAccount, addAccount.
  • 9.10 Frontend: account switcher dropdown in header.
  • 9.11 Update routes, i18n (en/ru).
  • 9.12 Tests + verification.

Acceptance Criteria

  1. Google OAuth login works end-to-end
  2. OAuth user created with oauth_provider="google"
  3. Existing email users can link to Google
  4. Multiple accounts stored; switching is instant
  5. OAuth-only users cannot use password login
  6. All UI text in en/ru
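
A sketch of the create/link step from task 9.2 as it bears on acceptance criteria 2, 3 and 5, added here as an example and not taken from the project's code. The in-memory `users` list, the `User` dataclass, `link_or_create_user`, `password_login_allowed` and `OAuthLinkError` are hypothetical names; the claims are the standard OIDC `sub`, `email` and `email_verified`, with `email_verified` assumed to arrive as a boolean.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:  # hypothetical stand-in for the plan's User model
    email: str
    hashed_password: Optional[str] = None  # nullable: OAuth-only users have none
    oauth_provider: Optional[str] = None
    oauth_provider_id: Optional[str] = None


class OAuthLinkError(Exception):
    """The provider identity cannot be safely attached to a local user."""


def link_or_create_user(users: list[User], provider: str, claims: dict) -> User:
    """Resolve OIDC userinfo claims to a local user: reuse, link, or create."""
    sub = claims.get("sub")
    if not sub:
        raise OAuthLinkError("provider response has no subject identifier")
    # Returning OAuth user: match the stable (provider, sub) pair, never the email.
    for user in users:
        if (user.oauth_provider, user.oauth_provider_id) == (provider, sub):
            return user
    email = (claims.get("email") or "").strip().lower()
    # An unverified address proves nothing about who controls the mailbox, so it
    # must not link to (or pre-register) an account under that email.
    if not email or claims.get("email_verified") is not True:
        raise OAuthLinkError("email missing or not verified by the provider")
    existing = next((u for u in users if u.email.lower() == email), None)
    if existing is None:
        existing = User(email=email)  # new OAuth-only user, no password stored
        users.append(existing)
    elif existing.oauth_provider is not None:
        # Already bound to another identity: do not silently overwrite it.
        raise OAuthLinkError("account is already linked to a provider identity")
    existing.oauth_provider, existing.oauth_provider_id = provider, sub
    return existing


def password_login_allowed(user: User) -> bool:
    """Criterion 5: a NULL hashed_password must fail password login outright."""
    return user.hashed_password is not None
```
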

Status

COMPLETED