sub2api

Author	SHA1	Message	Date
ye4241	39fe7aa0eb	feat(oidc): 上游邮箱已验证时跳过 choice 页直接登录注册当前 OIDC 首次登录无条件创建 choose_account_action_required 的 pending session，即使 force_email_on_third_party_signup 关闭，前端仍然会强制弹出"创建账号 / 绑定已有账号"的二选一界面，并展示内部合成邮箱（oidc-xxx@oidc-connect.invalid），用户体验差。本次复用已存在的 LoginOrRegisterVerifiedEmailOAuth 路径（原本仅供 github/google 使用），在以下条件全部满足时跳过 choice 页，直接信任上游身份完成注册/登录： - force_email_on_third_party_signup = false - 邀请码模式未启用 - 上游声明 email_verified = true 且 compat_email 非空 - 本地不存在同邮箱已有账号失败时（如邮箱后缀不在白名单、注册关闭等）自动回退到现有 choice 流程，行为完全向后兼容。测试覆盖： - TestTryOIDCVerifiedEmailFastPathCreatesUserAndIdentity - TestTryOIDCVerifiedEmailFastPathSkippedWhenInvitationCodeRequired - TestTryOIDCVerifiedEmailFastPathSkippedWhenForceEmailEnabled	2026-05-21 13:32:20 +08:00
IanShaw027	36aed35957	fix(auth): harden oauth identity upgrade paths	2026-04-22 14:56:56 +08:00
IanShaw027	83cad63ce0	fix(auth): harden oauth callback adoption flows	2026-04-22 13:19:20 +08:00
IanShaw027	767f2f2dfe	fix(auth): harden pending oauth and backend mode flows	2026-04-22 12:30:00 +08:00
IanShaw027	84628108fc	fix(auth): preserve backward-compatible oauth defaults	2026-04-22 11:17:32 +08:00
IanShaw027	b13e34f831	fix(ci): align auth and payment verification tests	2026-04-22 02:32:53 +08:00
IanShaw027	f398650166	fix: harden oidc compat email and email bind tx	2026-04-21 11:00:08 +08:00
IanShaw027	7c6491c2d3	fix auth pending session hardening	2026-04-21 01:45:25 +08:00
IanShaw027	c6d8592484	feat: add profile auth identity binding flow	2026-04-20 18:28:44 +08:00
IanShaw027	e9de839d87	feat: rebuild auth identity foundation flow	2026-04-20 17:39:57 +08:00
IanShaw027	fbd0a2e3c4	feat: carry suggested third-party profile through pending oauth	2026-04-20 16:27:23 +08:00
IanShaw027	d3d4267731	fix: harden oidc callback security	2026-04-20 16:23:42 +08:00
Glorhop	8e1a7bdfff	fix: fixed an issue where OIDC login consistently used a synthetic email address	2026-04-09 02:20:51 +00:00
ruiqurm	02a66a01c3	feat: support OIDC login.	2026-04-09 02:20:51 +00:00

14 Commits