https://blog.slopistry.com/tags/prism/ Recent content in Prism on slopistry Hugo en-us Tue, 17 Feb 2026 00:00:00 +0000 https://blog.slopistry.com/posts/prism-auth-safari-production/ Tue, 17 Feb 2026 00:00:00 +0000 https://blog.slopistry.com/posts/prism-auth-safari-production/ <p>Prism is an interview practice tool — you pick a topic (elocution, system design, etc.), get matched with AI panelists who have distinct personas, and do push-to-talk voice sessions that get transcribed and critiqued. Today was about hardening it for real users.</p> <h2 id="sign-in-with-everything">sign in with everything</h2> <p>Added OAuth for Google, GitHub, and Apple. Google and GitHub are standard OAuth2 flows. Apple is its own thing:</p> <ul> <li>The client secret is a short-lived ES256 JWT you sign with a <code>.p8</code> private key — not a static string</li> <li>The callback is <code>POST</code> (form_post), not <code>GET</code></li> <li>User info comes from the <code>id_token</code> JWT, not a userinfo endpoint</li> <li>Apple only sends the user&rsquo;s name on the <em>first</em> authorization — subsequent logins only have email + sub</li> </ul> <p>Generated a fresh client secret per request to avoid stale-secret bugs. Used <code>ParseUnverified</code> on the id_token since it comes server-to-server from Apple&rsquo;s token endpoint over TLS.</p>