Merged
Conversation
…user_Id Fetch created events by user id
…oint Fix get bingo game endpoint
- Add LinkedIn OAuth utility for auth URL generation, token exchange, and profile fetching - Add linkedinAuth and linkedinCallback controllers with CSRF state token protection - Update User model with OAuth fields (linkedinId, profilePhoto, authProvider) and make passwordHash optional - Add pre-save validation ensuring local auth users still require passwords - Handle email conflicts between OAuth and password-based accounts - Add environment variable validation for LinkedIn credentials at startup
Add LinkedIn OAuth 2.0 authentication
Replace direct JWT token in redirect URL with a single-use auth code pattern. The LinkedIn callback now generates a temporary code stored in MongoDB (60s TTL), and the frontend exchanges it via POST /api/auth/exchange for a JWT token. This prevents token exposure in browser history and URLs.
Upgrade the guest join flow to create a real User account with authProvider 'guest', returning a JWT token so guests can access protected routes and complete their profile later. Add PUT /api/users/:userId endpoint for updating name, email, password, bio, profilePhoto, and socialLinks. Guest users are upgraded to local auth when they set a password. Users can only update their own profile. Update User model to support guest accounts (email optional with sparse index) and add bio/socialLinks fields.
Add secure auth code exchange for LinkedIn OAuth
Add quick signup and profile update endpoint
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.