binarybeachio: account chooser, brand logo, session convention

Three small fork tweaks bundled together; none touch upload flow:

* OIDC: pass `prompt=select_account` so Zitadel always shows its account
  picker rather than silently passing through an existing session. Override
  with OIDC_PROMPT env var.
* Branding: swap "with binarybeach.io" -> "with BinaryBeach.io" and replace
  GitHub light/dark logo imports with our brand mark (works on both themes).
* Session: thread the binarybeachio session-lifecycle convention values
  (SESSION_COOKIE_AGE, ADMIN_SESSION_COOKIE_AGE, SESSION_SAVE_EVERY_REQUEST)
  through docker-compose.bb-local.yml app-env mixin and document the
  cross-fork convention link in BINARYBEACHIO.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
binarybeach 2026-04-30 14:51:21 -10:00
parent 46440c2720
commit 7c21b985d9
5 changed files with 27 additions and 11 deletions


@ -53,6 +53,12 @@ Files **not** changed (deliberately):
- `apps/admin/...` — god-mode UI still says "GitHub" provider; only the operator (us) sees it, not worth the patch surface.
- `apps/space/...` — public sharing site OAuth, not a priority for v1.
## Cross-fork conventions adopted
This fork pulls in binarybeachio's [session lifecycle convention](https://git.binarybeach.io/binarybeach/binarybeachio-platform/src/branch/main/docs/features/session-lifecycle.md) — 15-min idle timeout, slide-on-activity. Applied automatically by `bootstrap.py` at deploy. To override for this fork specifically, set `SESSION_COOKIE_AGE` / `ADMIN_SESSION_COOKIE_AGE` / `SESSION_SAVE_EVERY_REQUEST` in `infrastructure/plane/.env` over in the binarybeachio repo (per-app .env beats convention).
Local-test stack (`docker-compose.bb-local.yml`) hard-codes the same values inline since cross-repo file references in compose are awkward; this is a documented, accepted small duplication.
## Required runtime config
Set these env vars on the patched `plane-backend` container (binarybeachio sets them in `infrastructure/plane/.env`):
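
Review bot: the new "Cross-fork conventions adopted" paragraph gives the convention only as "15-min idle timeout, slide-on-activity", while the following sentence says the local stack hard-codes the same values. Stating the literal values here (the compose mixin defaults are 900, 900 and 1) would let a reader spot drift between the two copies. `OIDC_PROMPT`, introduced in the same commit, does not appear in the visible lines; if it is not already in the "Required runtime config" list below, document it there as optional.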


@ -111,8 +111,19 @@ class GitHubOAuthProvider(OauthAdapter):
"state": state,
}
# OIDC requires response_type=code; GitHub OAuth tolerates it.
# `prompt=select_account` makes Zitadel show its account chooser even
# when only one session exists — the user explicitly chooses which
# identity to use rather than being silently passed through. Without
# this, the OIDC default is "session exists → log in immediately,"
# which is technically correct SSO but is an unfamiliar UX coming
# from Google/GitHub style flows that always show a picker.
# Override per-request by setting `OIDC_PROMPT=` (empty) or another
# value (`login` to force re-auth, `consent` to force consent screen).
if os.environ.get("ZITADEL_DOMAIN"):
url_params["response_type"] = "code"
prompt = os.environ.get("OIDC_PROMPT", "select_account")
if prompt:
url_params["prompt"] = prompt
auth_url = f"{self._auth_url_base}?{urlencode(url_params)}"
super().__init__(
request,
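
Review bot: the comment's "Override per-request" is inaccurate, because `os.environ.get("OIDC_PROMPT", "select_account")` reads the process environment, so the override applies per deployment; reword the comment accordingly. The value is also forwarded to the authorization URL unchecked: consider stripping whitespace and accepting only the values OIDC Core defines (`none`, `login`, `consent`, `select_account`), logging and falling back to the default otherwise, so a typo in the env var does not surface as an authorization error at login time.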

Binary file not shown. Size: 788 KiB


@ -11,8 +11,9 @@ import { API_BASE_URL } from "@plane/constants";
import type { TOAuthConfigs, TOAuthOption } from "@plane/types";
// assets
import giteaLogo from "@/app/assets/logos/gitea-logo.svg?url";
import GithubLightLogo from "@/app/assets/logos/github-black.png?url";
import GithubDarkLogo from "@/app/assets/logos/github-dark.svg?url";
// binarybeachio fork: swapped GitHub logo imports for our brand logo. Same
// asset for light and dark theme (the orange/teal palette reads on both).
import BinarybeachLogo from "@/app/assets/logos/binarybeach-logo.png?url";
import gitlabLogo from "@/app/assets/logos/gitlab-logo.svg?url";
import googleLogo from "@/app/assets/logos/google-logo.svg?url";
// hooks
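
Review bot: `binarybeach-logo.png` is imported for an icon that the same file renders at 18x18, and the binary file added in this commit is listed at 788 KiB. Ship a downscaled PNG or an SVG, like the neighbouring gitea, gitlab and google logos, so the login page does not fetch a large image for a small icon.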
@ -51,15 +52,8 @@ export const useCoreOAuthConfig = (oauthActionText: string): TOAuthConfigs => {
// Zitadel — see provider/oauth/github.py). Branding is rebranded here;
// backend identifiers (route, env vars, DB provider key) stay "github".
id: "github",
text: `${oauthActionText} with binarybeach.io`,
icon: (
<img
src={resolvedTheme === "dark" ? GithubDarkLogo : GithubLightLogo}
height={18}
width={18}
alt="binarybeach.io SSO"
/>
),
text: `${oauthActionText} with BinaryBeach.io`,
icon: <img src={BinarybeachLogo} height={18} width={18} alt="Binary Beach" />,
onClick: () => {
window.location.assign(`${API_BASE_URL}/auth/github/${next_path ? `?next_path=${next_path}` : ``}`);
},
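
Review bot: with the theme ternary removed from `icon`, nothing in this hunk reads `resolvedTheme` any more; if that was its only use in `useCoreOAuthConfig`, drop the variable and the theme hook that supplies it. The brand is also spelled two ways on adjacent lines ("BinaryBeach.io" in `text`, "Binary Beach" in `alt`); since the image sits next to the button text, `alt=""` would avoid a duplicate announcement for screen readers.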


@ -99,6 +99,11 @@ x-app-env: &app-env
ZITADEL_DOMAIN: ${ZITADEL_DOMAIN:-auth.binarybeach.io}
GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID}
GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET}
# === binarybeachio session-lifecycle convention (15 min idle, slide-on-activity) ===
# Canonical: binarybeachio/infrastructure/_shared/.env.session-convention
SESSION_COOKIE_AGE: ${SESSION_COOKIE_AGE:-900}
ADMIN_SESSION_COOKIE_AGE: ${ADMIN_SESSION_COOKIE_AGE:-900}
SESSION_SAVE_EVERY_REQUEST: ${SESSION_SAVE_EVERY_REQUEST:-1}
services:
api:
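
Review bot: `SESSION_SAVE_EVERY_REQUEST: ${SESSION_SAVE_EVERY_REQUEST:-1}` only yields slide-on-activity if the backend settings parse the string "1" as true; that parsing is not part of this diff, so confirm it, because otherwise the 900-second `SESSION_COOKIE_AGE` counts from the last session write rather than the last request. The comment names `binarybeachio/infrastructure/_shared/.env.session-convention` as canonical while BINARYBEACHIO.md links to `docs/features/session-lifecycle.md`; point both at the same source.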