21060916988

Committed 16 Jan 2026 08:49AM UTC coverage: 68.512% (-0.05%) from 68.561%

Build # 21060916988

Build Type

push

github

Committed by

web-flow

Commit Message

feat: replace JWT OAuth state with `flow_state.id` UUID (#2331)

- Migrate OAuth state parameter from JWT to UUID (`flow_state.id`)
- Add OAuth context fields to flow_state table (invite_token, referrer,
oauth_client_state_id, linking_target_id, email_optional)
- Make PKCE fields nullable to support implicit flow
- Always create flow_state record for all OAuth flows, not just PKCE
- Add IsPKCE() method to distinguish PKCE vs implicit flows
- Backward compatible: callback still accepts legacy JWT state format
- Update all external provider tests to verify UUID state format

In a follow-up release, the legacy JWT state support will be removed;
ensuring there are no breaking changes.

Run Details

116 of 152 new or added lines in 6 files covered. (76.32%)

16 existing lines in 5 files now uncovered.

14724 of 21491 relevant lines covered (68.51%)

77.94 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

77.71

/internal/api/context.go

supabase / auth / 21060916988

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source Not Available

Source File
Press 'n' to go to next uncovered line, 'b' for previous