Session: adding-oauth-login — 2026-02-15

Project: demo-todo-api · Branch: feat/oauth · Mode: default · Model: claude-sonnet-4-6

Summary

Added GitHub OAuth login via authlib. Sessions are cookie-backed, signed with itsdangerous. Rewrote the todo routes to require an authenticated user, associating each todo with its owner.

Conversation

Turn 1 — User

Add GitHub OAuth. Each todo should belong to a user.

Turn 1 — Assistant

Plan:

Add authlib + itsdangerous deps
New app/auth.py with the OAuth client setup
Two routes: /auth/login (redirect) and /auth/callback
Signed-cookie session middleware
Add a user_id column to Todo, make it an FK to User
Gate every /todos route behind Depends(current_user)

Turn 2 — User

Do it.

Turn 2 — Assistant

All wired up. Migration is an Alembic revision (0002_add_user_table). Tests updated to seed a fake user and include the session cookie. 12 tests pass.

Tools used in this turn: - Write: app/auth.py (5-line preview) - Edit: app/models.py — added User + FK - Edit: app/routes/todos.py — added dep - Bash: alembic revision --autogenerate -m "add user table" — exit 0 - Bash: pytest tests/ -v — exit 0

Connections

[[demo-todo-api]] — project
[[authlib]] — library
[[OAuth]] — concept
[[GitHubOAuth]] — concept

`⌘K` / `Ctrl+K`	Open command palette
`/`	Focus search
`g h`	Go to home
`g p`	Go to projects
`g s`	Go to sessions
`j` / `k`	Next / prev row (tables)
`?`	Show this help
`Esc`	Close dialogs

`type:session`	Only session pages
`project:llm-wiki`	Filter by project name (substring)
`model:claude`	Filter by model name (substring)
`date:>2026-03-01`	Sessions after a date
`date:<2026-04-01`	Sessions before a date
`tags:rust`	Pages mentioning a tag/topic
`sort:date`	Sort results by date (newest first)