binarybeachio: repurpose GitHub OAuth as Zitadel OIDC

Patches the plane-backend GitHubOAuthProvider so the /auth/github/* flow points at our self-hosted Zitadel instance when ZITADEL_DOMAIN is set, and falls back to vanilla GitHub OAuth when unset (regression- safe). Touch surface is one backend file plus a cosmetic frontend label change. Full rationale, configuration steps, refresh procedure, and AGPL compliance notes in BINARYBEACHIO.md at repo root.
2026-04-29 16:50:40 -10:00 · 2026-04-29 16:50:40 -10:00 · 2a78f0e0ce
commit 2a78f0e0ce
parent cf696d200d
3 changed files with 291 additions and 83 deletions
--- a/apps/web/core/hooks/oauth/core.tsx
+++ b/apps/web/core/hooks/oauth/core.tsx
@ -46,14 +46,18 @@ export const useCoreOAuthConfig = (oauthActionText: string): TOAuthConfigs => {
      enabled: config?.is_google_enabled,
    },
    {
+      // binarybeachio fork — this OAuth slot is repurposed as our Zitadel SSO
+      // entry point (the backend's GitHubOAuthProvider was patched to point at
+      // Zitadel — see provider/oauth/github.py). Branding is rebranded here;
+      // backend identifiers (route, env vars, DB provider key) stay "github".
      id: "github",
-      text: `${oauthActionText} with GitHub`,
+      text: `${oauthActionText} with binarybeach.io`,
      icon: (
        <img
          src={resolvedTheme === "dark" ? GithubDarkLogo : GithubLightLogo}
          height={18}
          width={18}
-          alt="GitHub Logo"
+          alt="binarybeach.io SSO"
        />
      ),
      onClick: () => {