backend/db/migrations/22_identity_oauth_config.sql

-- =====================================================================
-- IDENTITY SCHEMA — Part 22: external OAuth provider config (Google, …)
-- Admin-editable client credentials for social login. Read by identity at
-- login time; secrets never leave the server (masked in the admin API).
-- =====================================================================

SET search_path TO identity, public;

CREATE TABLE IF NOT EXISTS oauth_config (
    provider      TEXT PRIMARY KEY,            -- 'google' (extensible: 'github', …)
    client_id     TEXT,
    client_secret TEXT,
    redirect_uri  TEXT,                         -- must match the provider console
    enabled       BOOLEAN     NOT NULL DEFAULT FALSE,
    updated_at    TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

INSERT INTO oauth_config (provider) VALUES ('google')
ON CONFLICT (provider) DO NOTHING;
feat(auth+admin): Sign in with Google (OAuth) + Integrations config panel 2026-06-03 00:08:21 +03:30			`-- =====================================================================`
			`-- IDENTITY SCHEMA — Part 22: external OAuth provider config (Google, …)`
			`-- Admin-editable client credentials for social login. Read by identity at`
			`-- login time; secrets never leave the server (masked in the admin API).`
			`-- =====================================================================`

			`SET search_path TO identity, public;`

			`CREATE TABLE IF NOT EXISTS oauth_config (`
			`provider TEXT PRIMARY KEY, -- 'google' (extensible: 'github', …)`
			`client_id TEXT,`
			`client_secret TEXT,`
			`redirect_uri TEXT, -- must match the provider console`
			`enabled BOOLEAN NOT NULL DEFAULT FALSE,`
			`updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()`
			`);`

			`INSERT INTO oauth_config (provider) VALUES ('google')`
			`ON CONFLICT (provider) DO NOTHING;`