Phase 5 — OAuth 2.0 / Social Login
Pre-release
Pre-release
What's included
- 8 OAuth providers: Google, Facebook, GitHub, Microsoft, LinkedIn, Discord, Twitter/X, Apple
- PKCE S256 on every flow
- Account linking with 3-case resolution + auto-register fallback
- Apple Sign In: dynamic ES256 client_secret, JWKS-cached id_token verification
- OAuth tokens encrypted at rest (Fernet)
- Connect/disconnect with last-login-method protection
- set_password for OAuth-only accounts
Test Coverage
57 tests — 57 passing
Cumulative: 294 tests across Phases 1–5