feat: add OAuth/social login providers plugin (Phase 1) #742
Merged
Implements the core OAuth2 authorization code flow as a SonicJS plugin, enabling social login via GitHub and Google providers.

Changes:
- New oauth-providers plugin with PluginBuilder SDK pattern
- OAuth2 authorization code flow with CSRF state protection
- GitHub and Google as built-in providers (provider-agnostic design)
- Account linking: auto-links OAuth to existing email accounts
- New user creation from OAuth profile data
- oauth_accounts database migration (table + indexes)
- Registered in core plugins, bootstrap service, and app routes
- No new dependencies — uses native fetch for all OAuth HTTP calls
- Cloudflare Workers compatible

Routes added:
- GET /auth/oauth/:provider — Redirect to provider
- GET /auth/oauth/:provider/callback — Handle callback
- POST /auth/oauth/link — Link OAuth to account
- POST /auth/oauth/unlink — Unlink OAuth provider
- GET /auth/oauth/accounts — List linked accounts

Fixes #737
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…P site name

New docs pages:
- QR Code Generator plugin
- Redirect Management plugin
- Forms as Collections

Updated docs:
- Authentication: RBAC enforcement details, rate limiting, CSRF
- Field Types: collapsible fields, objectLayout
- Core Plugins: added new plugins
- API Reference: auto-discovery mention

Bug fix:
- OTP plugin email preview now reads site name from General Settings (was using wrong DB query, always showed 'SonicJS')

🤖 Generated with [Claude Code](https://claude.com/claude-code)
…tory function (#741)

Script tags inserted via innerHTML are not executed by the browser. After loading version history HTML into the modal container, we now manually re-create script elements so the browser executes them, making closeVersionHistory and other functions available to onclick handlers.

Fixes #666
The OTP plugin settings page has a Logo URL field but it was never passed to the email template or the admin preview.

Now:
- logoUrl is passed from plugin settings to the email template data
- Admin preview shows the logo above 'Your Login Code' header
- Added logoUrl to OTPSettings interface

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Change the Plugin type import in oauth-providers/index.ts from '@sonicjs-cms/core' (circular package import) to relative '../../types'. Change index.ts to import OAuth exports directly from the oauth-providers subdirectory instead of from core-plugins/index.ts, which was pulling in all core plugins and their unresolvable @sonicjs-cms/core imports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
Adds OAuth2/OIDC social login support as a core plugin, implementing Phase 1 of #737. Users can sign in via GitHub or Google using the standard OAuth2 authorization code flow, with automatic account linking by email.
Changes
- oauth-providers built with the PluginBuilder SDK
- 034): oauth_accounts table with proper indexes and foreign key to users
- GET /auth/oauth/:provider — Redirect to provider authorization
- GET /auth/oauth/:provider/callback — Handle OAuth callback
- POST /auth/oauth/link — Link OAuth to existing account
- POST /auth/oauth/unlink — Unlink OAuth provider
- GET /auth/oauth/accounts — List linked accounts
- fetch for all OAuth HTTP calls

Files Changed
- packages/core/src/plugins/core-plugins/oauth-providers/index.ts (new)
- packages/core/src/plugins/core-plugins/oauth-providers/oauth-service.ts (new)
- packages/core/src/plugins/core-plugins/oauth-providers/manifest.json (new)
- packages/core/src/db/migrations/0010_oauth_accounts.sql (new)
- packages/core/src/db/migrations-bundle.ts (migration 034 added)
- packages/core/src/app.ts (route registration)
- packages/core/src/index.ts (exports)
- packages/core/src/plugins/core-plugins/index.ts (exports + CORE_PLUGIN_IDS)
- packages/core/src/services/plugin-bootstrap.ts (core plugin entry)

Testing
Configuration
After enabling the plugin, configure provider credentials in the admin plugin settings page:
```json
{
  "providers": {
    "github": { "clientId": "...", "clientSecret": "...", "enabled": true },
    "google": { "clientId": "...", "clientSecret": "...", "enabled": true }
  }
}
```

Future Work (Phase 2+)
Fixes #737
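
The account-resolution step this PR describes (existing OAuth link, auto-link by email, new user creation) sketched as a pure decision function; this is an added example, not code from the PR or from SonicJS. It assumes the provider reports whether the email is verified and, as a policy choice of this example, refuses to link or create when it is not; every type, function and sample value below is hypothetical.

```typescript
// Added example: account-resolution policy for an OAuth callback.
// All names are hypothetical and are not SonicJS APIs.
type OAuthProfile = { provider: string; providerUserId: string; email: string | null; emailVerified: boolean };
type User = { id: string; email: string };
type OAuthAccount = { userId: string; provider: string; providerUserId: string };
type Decision =
  | { action: "login"; userId: string }
  | { action: "link"; userId: string }
  | { action: "create"; email: string }
  | { action: "reject"; reason: string };

function resolveOAuthLogin(profile: OAuthProfile, users: User[], links: OAuthAccount[]): Decision {
  // 1. An existing (provider, providerUserId) link always wins: the provider's
  //    stable subject id identifies the account, not the mutable email.
  const linked = links.find(
    (l) => l.provider === profile.provider && l.providerUserId === profile.providerUserId
  );
  if (linked) return { action: "login", userId: linked.userId };

  // 2. Assumed policy: an email the provider has not verified is never used
  //    to match an existing account or to create a new one.
  if (!profile.email || !profile.emailVerified) {
    return { action: "reject", reason: "email_not_verified" };
  }
  const email = profile.email.trim().toLowerCase();

  // 3. Auto-link to the local account that owns the same (normalized) email.
  const existing = users.find((u) => u.email.trim().toLowerCase() === email);
  if (existing) {
    // Assumed policy: one identity per provider per user, so a second,
    // different identity from the same provider is not attached silently.
    const sameProvider = links.some(
      (l) => l.userId === existing.id && l.provider === profile.provider
    );
    return sameProvider
      ? { action: "reject", reason: "provider_already_linked" }
      : { action: "link", userId: existing.id };
  }

  // 4. No link and no matching user: create a new account from the profile.
  return { action: "create", email };
}

// Constructed sample data (not from the PR).
const SAMPLE_USERS: User[] = [{ id: "u1", email: "Alice@example.com" }];
const SAMPLE_LINKS: OAuthAccount[] = [{ userId: "u1", provider: "github", providerUserId: "1001" }];
```
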