Oauth

Prism is an interview practice tool — you pick a topic (elocution, system design, etc.), get matched with AI panelists who have distinct personas, and do push-to-talk voice sessions that get transcribed and critiqued. Today was about hardening it for real users.

Added OAuth for Google, GitHub, and Apple. Google and GitHub are standard OAuth2 flows. Apple is its own thing:

The client secret is a short-lived ES256 JWT you sign with a .p8 private key — not a static string
The callback is POST (form_post), not GET
User info comes from the id_token JWT, not a userinfo endpoint
Apple only sends the user’s name on the first authorization — subsequent logins only have email + sub

Generated a fresh client secret per request to avoid stale-secret bugs. Used ParseUnverified on the id_token since it comes server-to-server from Apple’s token endpoint over TLS.

Posts for: #Oauth

prism gets auth, goes to production, and fights safari

Posts for: #Oauth

prism gets auth, goes to production, and fights safari

sign in with everything