binarybeachio: account chooser, brand logo, session convention

Three small fork tweaks bundled together; none touch upload flow: * OIDC: pass `prompt=select_account` so Zitadel always shows its account picker rather than silently passing through an existing session. Override with OIDC_PROMPT env var. * Branding: swap "with binarybeach.io" -> "with BinaryBeach.io" and replace GitHub light/dark logo imports with our brand mark (works on both themes). * Session: thread the binarybeachio session-lifecycle convention values (SESSION_COOKIE_AGE, ADMIN_SESSION_COOKIE_AGE, SESSION_SAVE_EVERY_REQUEST) through docker-compose.bb-local.yml app-env mixin and document the cross-fork convention link in BINARYBEACHIO.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 14:51:21 -10:00 · 2026-04-30 14:51:21 -10:00 · 7c21b985d9
commit 7c21b985d9
parent 46440c2720
5 changed files with 27 additions and 11 deletions
--- a/apps/api/plane/authentication/provider/oauth/github.py
+++ b/apps/api/plane/authentication/provider/oauth/github.py
@ -111,8 +111,19 @@ class GitHubOAuthProvider(OauthAdapter):
            "state": state,
        }
        # OIDC requires response_type=code; GitHub OAuth tolerates it.
+        # `prompt=select_account` makes Zitadel show its account chooser even
+        # when only one session exists — the user explicitly chooses which
+        # identity to use rather than being silently passed through. Without
+        # this, the OIDC default is "session exists → log in immediately,"
+        # which is technically correct SSO but is an unfamiliar UX coming
+        # from Google/GitHub style flows that always show a picker.
+        # Override per-request by setting `OIDC_PROMPT=` (empty) or another
+        # value (`login` to force re-auth, `consent` to force consent screen).
        if os.environ.get("ZITADEL_DOMAIN"):
            url_params["response_type"] = "code"
+            prompt = os.environ.get("OIDC_PROMPT", "select_account")
+            if prompt:
+                url_params["prompt"] = prompt
        auth_url = f"{self._auth_url_base}?{urlencode(url_params)}"
        super().__init__(
            request,
--- a/apps/web/app/assets/logos/binarybeach-logo.png
+++ b/apps/web/app/assets/logos/binarybeach-logo.png
--- a/apps/web/core/hooks/oauth/core.tsx
+++ b/apps/web/core/hooks/oauth/core.tsx
@ -11,8 +11,9 @@ import { API_BASE_URL } from "@plane/constants";
 import type { TOAuthConfigs, TOAuthOption } from "@plane/types";
 // assets
 import giteaLogo from "@/app/assets/logos/gitea-logo.svg?url";
-import GithubLightLogo from "@/app/assets/logos/github-black.png?url";
-import GithubDarkLogo from "@/app/assets/logos/github-dark.svg?url";
+// binarybeachio fork: swapped GitHub logo imports for our brand logo. Same
+// asset for light and dark theme (the orange/teal palette reads on both).
+import BinarybeachLogo from "@/app/assets/logos/binarybeach-logo.png?url";
 import gitlabLogo from "@/app/assets/logos/gitlab-logo.svg?url";
 import googleLogo from "@/app/assets/logos/google-logo.svg?url";
 // hooks
@ -51,15 +52,8 @@ export const useCoreOAuthConfig = (oauthActionText: string): TOAuthConfigs => {
      // Zitadel — see provider/oauth/github.py). Branding is rebranded here;
      // backend identifiers (route, env vars, DB provider key) stay "github".
      id: "github",
-      text: `${oauthActionText} with binarybeach.io`,
-      icon: (
-        <img
-          src={resolvedTheme === "dark" ? GithubDarkLogo : GithubLightLogo}
-          height={18}
-          width={18}
-          alt="binarybeach.io SSO"
-        />
-      ),
+      text: `${oauthActionText} with BinaryBeach.io`,
+      icon: <img src={BinarybeachLogo} height={18} width={18} alt="Binary Beach" />,
      onClick: () => {
        window.location.assign(`${API_BASE_URL}/auth/github/${next_path ? `?next_path=${next_path}` : ``}`);
      },