Skip to content

feat(auth): add Google and GitHub OAuth2 social login#786

Merged
RUKAYAT-CODER merged 2 commits into
rinafcode:mainfrom
Nimatstar:feat/509-oauth2-oidc
Jun 24, 2026
Merged

feat(auth): add Google and GitHub OAuth2 social login#786
RUKAYAT-CODER merged 2 commits into
rinafcode:mainfrom
Nimatstar:feat/509-oauth2-oidc

Conversation

@Nimatstar

Copy link
Copy Markdown
Contributor

Summary

Adds Google and GitHub OAuth2 social login to the existing Passport/Auth0 JWT authentication stack, including account linking and a user-facing callback controller.

What's changed

New packages

  • passport-google-oauth20 + types
  • passport-github2 + types

User entity

  • provider - stores the OAuth provider name (google, github, etc.)
  • providerId - provider-specific user ID (indexed for fast lookup)
  • providerAccessToken / providerRefreshToken - stored provider tokens
  • password made nullable to support password-less OAuth-only accounts

New files

File Purpose
strategies/google.strategy.ts Passport Google OAuth2 strategy
strategies/github.strategy.ts Passport GitHub OAuth2 strategy
services/social-auth.service.ts indOrCreateFromProvider, linkProvider, unlinkProvider
guards/google-oauth.guard.ts AuthGuard('google') wrapper
guards/github-oauth.guard.ts AuthGuard('github') wrapper
controllers/social-auth.controller.ts /auth/google, /auth/github + callbacks

Auth module updated to register new strategies, service, and controller.

Env vars required

Var Purpose
GOOGLE_CLIENT_ID Google OAuth2 app client ID
GOOGLE_CLIENT_SECRET Google OAuth2 app client secret
GOOGLE_CALLBACK_URL Redirect URI (default /auth/google/callback)
GITHUB_CLIENT_ID GitHub OAuth app client ID
GITHUB_CLIENT_SECRET GitHub OAuth app client secret
GITHUB_CALLBACK_URL Redirect URI (default /auth/github/callback)

Account linking behaviour

  1. Lookup by provider + providerId - returns existing linked account
  2. Lookup by email - links the provider to an existing local account
  3. Neither found - creates a new user from the OAuth profile

closes #509

- Install passport-google-oauth20 and passport-github2 strategies
- Add provider, providerId, providerAccessToken, providerRefreshToken
  nullable columns to User entity for social account storage
- Make password column nullable to support password-less OAuth accounts
- GoogleStrategy: uses GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET env vars,
  requests email + profile scopes, callback at /auth/google/callback
- GitHubStrategy: uses GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET env vars,
  requests user:email scope, callback at /auth/github/callback
- SocialAuthService.findOrCreateFromProvider: finds user by providerId,
  falls back to email match (links existing account), or creates new user
- SocialAuthService.linkProvider / unlinkProvider: allows connecting and
  disconnecting social providers from an existing account
- SocialAuthController: GET /auth/google, /auth/google/callback,
  /auth/github, /auth/github/callback endpoints with Swagger docs
- GoogleOAuthGuard / GitHubOAuthGuard wrappers for Passport AuthGuard

closes rinafcode#509
@drips-wave

drips-wave Bot commented Jun 24, 2026

Copy link
Copy Markdown

@Nimatstar Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@RUKAYAT-CODER

Copy link
Copy Markdown
Contributor

Thank you for contributing to the project

@RUKAYAT-CODER RUKAYAT-CODER merged commit c7f6249 into rinafcode:main Jun 24, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add OAuth2/OpenID Connect provider support

2 participants