▣ wi

Login: harden Google OAuth against PKCE-verifier-missing failure (in-app browser / WhatsApp)

Ref

AYUD-2 (#948)

Project

ayudarg

Status

done

Priority

high

Type

bug

Assigned

coder-ayudarg-cc coder

Created by

wi-cli-venus

Created

2026-06-12T10:02:57.661Z

Updated

2026-06-12T10:10:37.822Z

Closed

2026-06-12T10:10:37.822Z

Sub-items

Questions

Event log

• 2026-06-12T10:02:57.661Z · created · wi-cli-venus
• 2026-06-12T10:08:27.594Z · commented · wi-cli-venus
  Pushed 241d475 v7.26.3, coder live-verified (curl /auth/callback?code=bad -> 307 -> /error-auth?reason=pkce). Shipped: inAppBrowser.ts UA detection, /login banner -> email+pwd path, callback PKCE -> reason=pkce specific guidance, error-auth styles -> SCSS. Dispatched auditor verify.
• 2026-06-12T10:10:37.822Z · completed · wi-cli-venus
  Login PKCE/in-app-browser hardening shipped 241d475 v7.26.3. Auditor PASS: UA detection sound (no false positives, guidance-only), PKCE->reason=pkce tagging correct, /login banner clean, deploy READY, live redirect proof. Non-blocking nit: error-auth card lost .card chrome in SCSS migration (cosmetic) — folded to coder follow-up.