Skip to content

Claude/nextauth oauth setup uw tjb #582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
marcodejongh wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Claude/nextauth oauth setup uw tjb #582

marcodejongh wants to merge 9 commits into from

Conversation

@marcodejongh
Copy link
Owner

@marcodejongh marcodejongh commented Jan 5, 2026

No description provided.

marcodejongh and others added 9 commits January 4, 2026 22:15
@marcodejongh @claude
Revert "Revert "feat: Add OAuth providers (Google, Apple, Facebook) a…
340ae02 
…nd email…"

This reverts commit 422e21b.
@claude
feat(auth): Complete NextAuth OAuth implementation with comprehensive…
face2bf 
… docs

- Merge PR 529 OAuth implementation (Google, Apple, Facebook providers)
- Fix inline styles in auth-page-content.tsx to use design tokens
- Expand oauth-setup.md with:
  - Architecture overview diagram
  - Prerequisites section
  - Environment variables reference tables
  - Step-by-step provider setup (Google, Apple, Facebook)
  - Email verification setup for multiple SMTP providers
  - Testing procedures
  - Production deployment checklist
  - Comprehensive troubleshooting guide
@claude
fix(db): Add migration to verify existing users
499b101 
Existing users who registered before email verification was required
have emailVerified set to NULL. This migration sets their emailVerified
to their created_at timestamp, allowing them to continue logging in
with the new email verification checks.
@claude
fix: Regenerate package-lock.json after rebase
7f9d1c6
@claude
fix(auth): Address review feedback on OAuth implementation
3abf9a7 
Security improvements:
- Remove userId from registration response to prevent info disclosure
- Add rate limiting to verify-email endpoint (20 req/min per IP)
- Handle TooManyAttempts error in verification UI

UX improvements:
- Reduce timing attack delay from 2.5s to 1.5s
- Use Ant Design icon prop for social buttons (better alignment)
- Remove unnecessary inline styles from social login buttons
@claude
fix(auth): Handle race condition in registration with unique constraint
b48e655
@claude
fix(auth): Wrap registration inserts in transaction for atomicity
77047b6
@claude
fix(auth): Additional atomicity and consistency improvements
6efa9eb 
- verify-email: Wrap user update + token delete in transaction
- resend-verification: Wrap token delete + insert in transaction
- register: Mark OAuth users as verified when adding password
- register: Use transaction for OAuth password linking
- social-login-buttons: Show single skeleton to minimize layout shift
@claude
fix(db): Use NOW() in migration instead of created_at column
67a021d
@vercel
Copy link

vercel bot commented Jan 5, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
boardsesh Error Error Jan 5, 2026 1:10am

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marcodejongh @claude