barrettruth/delta
1
0
Fork 0
Code Issues 14 Pull requests Releases 1 Packages Activity Actions

feat: OAuth login (Google, GitHub, GitLab) #28

New issue
Closed
opened 2026-03-23 03:40:45 +00:00 by barrettruth · 0 comments
barrettruth commented 2026-03-23 03:40:45 +00:00
Copy link

Problem

Auth is currently username/password only. Friends who want to use delta need credentials created manually. OAuth would make onboarding frictionless.

Scope

Add OAuth 2.0 login support for:

  • GitHub (primary — most likely provider for this audience)
  • Google (broad coverage)
  • GitLab (nice to have, same OAuth2 flow)

Design

  • Add an accounts table linking OAuth provider + provider user ID to a delta users row
  • Support linking multiple providers to one user
  • On first OAuth login, auto-create the user if invite policy allows (or require a pre-created account to link)
  • OAuth client credentials (OAUTH_GITHUB_CLIENT_ID, etc.) configured via env vars
  • Callback routes: /api/auth/callback/github, /api/auth/callback/google, /api/auth/callback/gitlab
  • Login page shows provider buttons alongside existing username/password form
  • Settings page allows linking/unlinking OAuth providers to existing account

Non-goals

  • No OIDC/SAML enterprise SSO
  • No replacing the existing session system — OAuth just becomes another way to establish a session
## Problem Auth is currently username/password only. Friends who want to use delta need credentials created manually. OAuth would make onboarding frictionless. ## Scope Add OAuth 2.0 login support for: - **GitHub** (primary — most likely provider for this audience) - **Google** (broad coverage) - **GitLab** (nice to have, same OAuth2 flow) ## Design - Add an `accounts` table linking OAuth provider + provider user ID to a delta `users` row - Support linking multiple providers to one user - On first OAuth login, auto-create the user if invite policy allows (or require a pre-created account to link) - OAuth client credentials (`OAUTH_GITHUB_CLIENT_ID`, etc.) configured via env vars - Callback routes: `/api/auth/callback/github`, `/api/auth/callback/google`, `/api/auth/callback/gitlab` - Login page shows provider buttons alongside existing username/password form - Settings page allows linking/unlinking OAuth providers to existing account ## Non-goals - No OIDC/SAML enterprise SSO - No replacing the existing session system — OAuth just becomes another way to establish a session
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/task-panel-save-atomicity
settings-modal
feat/add-task-external-links
feat/reminder-transport-settings
feat/reminder-foundation
build/oidc-release-pipeline
fix/settings-cleanup
fix/remove-oauth-config-ui
nightly-20260426
cli-v0.0.2
Labels
Clear labels   
bug
Something isn't working

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
track:api
API layer track

  
track:auto
Automation track

  
track:core
Core engine track

  
track:deploy
Deployment track

  
track:infra
Infrastructure track

  
track:ui
Web UI track

  
v0.1.0
First release milestone

  
v0.1.1
post-initial release

  
wontfix
This will not be worked on

No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
track:api
track:auto
track:core
track:deploy
track:infra
track:ui
v0.1.0
v0.1.1
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
barrettruth/delta#28
No description provided.