alexei.dolgolyov/personal-ai-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5c651b798851ed6e1fe7dcd8dd82f874c67052e9
personal-ai-assistant/plans/phase-9-oauth.md
dolgolyov.alexei 5c651b7988 Phase 9: OAuth & Account Switching — Google + Authentik, multi-account 
Backend:
- OAuth service with pluggable provider architecture (Google + Authentik)
- Generic authorize/callback endpoints for any provider
- Authentik OIDC integration (configurable base URL)
- hashed_password made nullable for OAuth-only users
- Migration 009: nullable password column
- /auth/switch endpoint returns full AuthResponse for account switching
- OAuth-only users get clear error on password login attempt
- UserResponse includes oauth_provider + avatar_url

Frontend:
- OAuth buttons on login form (Google + Authentik)
- OAuth callback handler (/auth/callback route)
- Multi-account auth store (accounts array, addAccount, switchTo, removeAccount)
- Account switcher dropdown in header (hover to see other accounts)
- "Add another account" option
- English + Russian translations

Config:
- GOOGLE_CLIENT_ID/SECRET/REDIRECT_URI
- AUTHENTIK_CLIENT_ID/SECRET/BASE_URL/REDIRECT_URI

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 15:56:20 +03:00

45 lines
1.7 KiB
Markdown
Raw Blame History

# Phase 9: OAuth & Account Switching — Subplan
## Goal
Allow users to authenticate via Google OAuth, and switch between multiple logged-in accounts without re-entering credentials.
## Prerequisites
- Auth system with JWT tokens, User model with oauth_provider/oauth_provider_id columns
- Google Cloud OAuth 2.0 credentials
---
## Tasks
- [x] **9.1** Add `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`, `GOOGLE_REDIRECT_URI` to config.py + .env.example. Add `authlib` to pyproject.toml.
- [x] **9.2** Create `backend/app/services/oauth_service.py`: register Google provider, get_authorization_url, handle_callback (fetch user info, create/link user, issue tokens).
- [x] **9.3** Make `User.hashed_password` nullable (OAuth users have no password). Migration 008.
- [x] **9.4** Add OAuth endpoints to auth.py: `GET /auth/oauth/{provider}/authorize`, `GET /auth/oauth/{provider}/callback`.
- [x] **9.5** Add `POST /auth/switch` endpoint (accepts refresh token, returns full AuthResponse).
- [x] **9.6** Update schemas: add oauth_provider to UserResponse.
- [x] **9.7** Frontend: OAuth API functions, callback route component.
- [x] **9.8** Frontend: OAuth buttons on login form ("Sign in with Google").
- [x] **9.9** Frontend: extend auth-store with accounts array, switchAccount, addAccount.
- [x] **9.10** Frontend: account switcher dropdown in header.
- [x] **9.11** Update routes, i18n (en/ru).
- [x] **9.12** Tests + verification.
---
## Acceptance Criteria
1. Google OAuth login works end-to-end
2. OAuth user created with oauth_provider="google"
3. Existing email users can link to Google
4. Multiple accounts stored; switching is instant
5. OAuth-only users cannot use password login
6. All UI text in en/ru
---
## Status
**COMPLETED**
Reference in New Issue View Git Blame Copy Permalink