refactor: simplify handlers and user service

[appleboy]

Summary

Pure code-quality cleanup from a /simplify pass over the handlers and user service. No behavior changes — eliminates redundant work, dead code, and nested conditionals flagged against the project's "no if/else chains" convention.

• Compute the device verification user code once instead of formatting it twice in the response
• Drop the unused revoked-token count variable in the client revoke-all handler
• Hoist the static OIDC discovery subject-types and claims-supported lists to package scope so the Discovery endpoint stops reallocating two slices per request
• Flatten nested email/username uniqueness checks in the user service into sequential guard clauses

AI Authorship

• AI was used. Details:
  • Tool / model: Claude Opus 4.8 (1M context) via Claude Code (/simplify skill)
  • AI-authored files: internal/handlers/client.go, internal/handlers/device.go, internal/handlers/oidc.go, internal/services/user.go
  • Human line-by-line reviewed: ⚠️ Not yet — line-by-line human review still pending at time of opening

Change classification

• Leaf node (local impact) — refactors only, no behavior change; verified by the existing test suite
• Note: internal/services/user.go touches user uniqueness logic (core-adjacent). See reviewer guide.

Verification

• make generate → go build ./... clean
• go vet ./... clean
• Existing tests pass: internal/handlers, internal/services, internal/util, internal/token
• No new tests added — changes are behavior-preserving refactors covered by existing tests.
• Manual verification: N/A (no behavioral change)

Verifiability check

• Refactors preserve existing public signatures and response shapes
• Reviewer can judge correctness from the diff alone (small, mechanical)

Risk & rollback

• Risk: Low. The only logic-shaped change is the flattening of the user uniqueness guards — a transcription error there could alter conflict detection. Behavior is intended to be identical.
• Rollback: Revert the single commit on this branch.

Reviewer guide

• Read carefully: internal/services/user.go — confirm the flattened email/username guard clauses are logically equivalent to the prior if/else if (no inverted conditions, err reuse is correct).
• Spot-check OK: oidc.go (verbatim slice hoist), device.go (dedup of one call), client.go (dead-var removal).

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR performs a small refactor pass across handlers and the user service to reduce redundant work, remove dead code, and simplify conditional logic, while keeping behavior and API responses unchanged.

Changes:

• Deduplicates device-flow user_code formatting and removes an unused revoke-all return value.
• Hoists static OIDC discovery lists to package scope to avoid per-request slice allocations.
• Flattens user uniqueness checks into guard clauses in UserService.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
internal/services/user.go	Simplifies email/username uniqueness checks and removes unnecessary local shadowing.
internal/handlers/oidc.go	Moves static discovery subject_types_supported / claims_supported slices to package scope and reuses them in responses.
internal/handlers/device.go	Computes formatted device verification user_code once and reuses it in the response payload.
internal/handlers/client.go	Drops unused revokedCount from revoke-all handler call site.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

❌ Patch coverage is 75.00000% with 5 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
internal/services/user.go	55.55%	1 Missing and 3 partials ⚠️
internal/handlers/client.go	0.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!