Authentication and authorization for real_deal platform including third-party login (WeChat, Apple, Google, GitHub, LinkedIn), OAuth/OIDC flows, account merging, session management, and security best practices. Use when implementing login systems, handling OAuth callbacks, managing user sessions, or working with identity providers.
state and nonce
code_challenge
state/nonce
code_verifier to exchange tokens
Automatic Binding:
Manual Binding:
WeChat/No Email:
unionid/openid as unique key
User - User profile
UserIdentity - Provider linkage (provider/subject/verifiedEmail/linkedAt)
Session - Active sessions
RefreshToken - Hashed storage with revocation
httpOnly / Secure / SameSite=Lax
state and nonce parameters