
feat(auth): OAuth-only signup with Microsoft provider #5073

Merged
TheodoreSpeaks merged 6 commits into staging from feat/remove-email-login on Jun 15, 2026

@TheodoreSpeaks

Collaborator

Summary

  • Remove email/password form from /signup — Google, Microsoft, and GitHub OAuth only to deter bot signups
  • Add Microsoft as a first-class social provider via Better Auth socialProviders (env: MICROSOFT_CLIENT_ID / MICROSOFT_CLIENT_SECRET / DISABLE_MICROSOFT_AUTH)
  • Wire microsoftAvailable through provider checker, API contract, providers route, login form, signup form, and landing page auth modal
  • Hide "Continue with email" in auth modal signup view — login view is completely unchanged
  • Fix MicrosoftIcon SVG to use official brand colors (#F1511B, #80CC28, #00ADEF, #FBBC09) and correct proportions

Type of Change

  • New feature

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

- Remove email/password form from /signup — Google, Microsoft, GitHub OAuth only
- Add Microsoft as a social provider (MICROSOFT_CLIENT_ID / MICROSOFT_CLIENT_SECRET / DISABLE_MICROSOFT_AUTH)
- Wire microsoftAvailable through provider checker, API contract, providers route, and all auth UI
- Hide "Continue with email" in auth modal signup view; login view unchanged
- Fix MicrosoftIcon SVG to use official brand colors and proportions
@vercel

vercel Bot commented Jun 15, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Jun 15, 2026 11:33pm


@cursor

cursor Bot commented Jun 15, 2026


PR Summary

High Risk
Changes authentication entry points (new OAuth provider, signup restrictions, and server-side sign-up blocking), which are security-sensitive and affect who can create accounts.

Overview
Adds Microsoft as a social sign-in/sign-up option end-to-end: Better Auth microsoft provider (when credentials are set and not disabled), microsoftAvailable on the provider checker/API contract, and buttons on login, signup, social login, and the landing auth modal. DISABLE_MICROSOFT_AUTH can hide Microsoft even with credentials configured.

Introduces DISABLE_EMAIL_SIGNUP to block new email/password registrations on the server (/sign-up/email) while leaving email login unchanged. Signup UI gates the email form on emailSignupEnabled (from that flag); the auth modal only shows “Continue with email” on the login view, not signup.

Updates the Microsoft brand icon SVG. Includes a generated copilot tool-schema key style tweak (quoted keys → bare identifiers) with no behavioral change.

Reviewed by Cursor Bugbot for commit e6d4bf2. Bugbot is set up for automated code reviews on this repo. Configure here.

Comment thread apps/sim/app/(auth)/signup/signup-form.tsx
@greptile-apps

greptile-apps Bot commented Jun 15, 2026

Contributor

Greptile Summary

This PR adds Microsoft as a first-class OAuth provider and restricts new registrations to OAuth-only by hiding the email/password signup form while leaving email login untouched. The change is well-layered: server-side guard (isEmailSignupDisabled in the Better Auth before hook), feature-flag, env-var, API contract, and every UI surface (auth modal, signup form, login form, landing modal) are all updated consistently.

  • Microsoft OAuth is conditionally registered in Better Auth only when both credentials are present and the disable flag is off, following the same pattern as the existing Google/GitHub providers.
  • emailEnabled on the signup path now AND-gates the NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED client flag with the new server-side emailSignupEnabled prop, preventing the email form from rendering even if the public env var is permissive.
  • The MicrosoftIcon SVG is refreshed with official brand colours; the tool-schemas-v1.ts file receives a cosmetic cleanup removing unnecessary bracket syntax from string literal keys.

Confidence Score: 5/5

Safe to merge — the email signup restriction is enforced at three independent layers so no single misconfiguration can bypass it, and the Microsoft OAuth wiring mirrors the existing Google/GitHub pattern throughout.

All changed paths are straightforward additions that follow established patterns. The dual-layer email-signup guard is solid. No broken auth flows, no data exposure, no regressions in the login path.

No files require special attention. The SVG coordinate/viewBox mismatch in icons.tsx and the hardcoded provider list in the auth hook error message are cosmetic nits.

Important Files Changed

| Filename | Overview |
| --- | --- |
| apps/sim/lib/auth/auth.ts | Adds Microsoft to socialProviders conditionally on credentials + flag; adds isEmailSignupDisabled guard on /sign-up/email path before the allowlist check. |
| apps/sim/app/(landing)/components/auth-modal/auth-modal.tsx | Adds Microsoft button to the provider list and hides the Continue with email option specifically in the signup view; FALLBACK_STATUS and ProviderStatus are updated consistently. |
| apps/sim/app/(auth)/signup/signup-form.tsx | Refactors IIFE visibility logic into top-level consts and adds emailSignupEnabled prop that AND-gates the email form. |
| apps/sim/components/icons.tsx | MicrosoftIcon updated to official brand colours; polygon coordinates extend to 109.3 while the viewBox is declared as 0 0 109 109, causing a fractional clip on the right/bottom edges. |
| apps/sim/lib/core/config/env.ts | Adds DISABLE_MICROSOFT_AUTH and DISABLE_EMAIL_SIGNUP env vars; MICROSOFT_CLIENT_ID and MICROSOFT_CLIENT_SECRET were pre-existing from the Teams integration. |
| apps/sim/lib/api/contracts/auth.ts | Adds microsoftAvailable boolean to the provider status response schema, keeping client and server in sync. |
| apps/sim/app/api/auth/providers/route.ts | Passes microsoftAvailable through the GET handler response, matching the updated contract schema. |
| apps/sim/lib/core/config/feature-flags.ts | Adds isMicrosoftAuthDisabled and isEmailSignupDisabled flags following the same pattern as the existing auth-disable flags. |
| apps/sim/lib/copilot/generated/tool-schemas-v1.ts | Cosmetic-only change: removes unnecessary bracket syntax around string literal keys throughout the generated schema file. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[User opens auth modal] --> B{view === signup?}
    B -- yes --> C[Show OAuth buttons only]
    B -- no / login --> D[Show OAuth buttons + Continue with email]
    C --> E[OAuth redirect]
    D --> F{Email clicked?}
    F -- yes --> G[Redirect to /login page]
    F -- no --> E
    H[User visits /signup directly] --> I{emailEnabled?}
    I -- yes --> J[Show email/password form + OAuth buttons]
    I -- no --> K[Show OAuth buttons only]
    J --> L[POST /sign-up/email]
    L --> M{isEmailSignupDisabled in Better Auth hook?}
    M -- yes --> N[403 FORBIDDEN]
    M -- no --> O[Account created]
    K --> E

Reviews (2): Last reviewed commit: "fix(config): restore isHosted hostname c..." | Re-trigger Greptile

Comment thread apps/sim/app/(auth)/signup/signup-form.tsx Outdated
Comment thread apps/sim/app/(auth)/signup/signup-form.tsx
Comment thread apps/sim/app/(auth)/components/social-login-buttons.tsx
Comment thread apps/sim/app/(auth)/signup/signup-form.tsx Outdated
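
The layered gating described in the summaries above, as an added example that is not code from this PR or from Better Auth: it models the Microsoft availability check, the AND-gated email form, and the server-side block on /sign-up/email as plain functions. The function names, the `Env` type, the flag parsing ("true" or "1") and the default for the public flag are assumptions; the env var names, the path and the 403 come from the page.

```typescript
// Added illustration. Function names and flag parsing are hypothetical;
// env var names, /sign-up/email and the 403 response are taken from the PR text.
type Env = Record<string, string | undefined>;

// Assumption: a flag counts as set when its value is "true" or "1".
const isTruthy = (v: string | undefined): boolean => v === "true" || v === "1";

// Provider layer: Microsoft is offered only when both credentials are present
// and DISABLE_MICROSOFT_AUTH is not set.
function microsoftAvailable(env: Env): boolean {
  const hasCreds = Boolean(env.MICROSOFT_CLIENT_ID && env.MICROSOFT_CLIENT_SECRET);
  return hasCreds && !isTruthy(env.DISABLE_MICROSOFT_AUTH);
}

// UI layer: the email form renders only if the public client flag AND the
// server-derived emailSignupEnabled value both allow it.
// Assumption: the public flag is treated as enabled unless it is "false".
function emailFormVisible(env: Env): boolean {
  const publicFlag = env.NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED !== "false";
  const emailSignupEnabled = !isTruthy(env.DISABLE_EMAIL_SIGNUP);
  return publicFlag && emailSignupEnabled;
}

// Server layer: runs before the request is handled, so a direct POST that
// never touched the UI is still refused. Other paths, login included, pass.
function guardRequest(path: string, env: Env): { status: number; reason?: string } {
  if (path === "/sign-up/email" && isTruthy(env.DISABLE_EMAIL_SIGNUP)) {
    return { status: 403, reason: "email signup disabled" };
  }
  return { status: 200 };
}

// Constructed sample environment: the public flag is left permissive while
// the server flag disables email signup.
const CONSTRUCTED_ENV: Env = {
  MICROSOFT_CLIENT_ID: "example-client-id",
  MICROSOFT_CLIENT_SECRET: "example-secret",
  NEXT_PUBLIC_EMAIL_PASSWORD_SIGNUP_ENABLED: "true",
  DISABLE_EMAIL_SIGNUP: "true",
};

function summarize(env: Env) {
  return {
    microsoft: microsoftAvailable(env),
    emailForm: emailFormVisible(env),
    directSignup: guardRequest("/sign-up/email", env).status,
    emailLogin: guardRequest("/sign-in/email", env).status,
  };
}
```

With the constructed environment, the form is hidden and a hand-built signup request is refused, while email login is unaffected.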

@cursor cursor Bot left a comment


Cursor Bugbot has reviewed your changes and found 2 potential issues.


❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 8ad4fe9. Configure here.

Comment thread apps/sim/lib/core/config/feature-flags.ts Outdated
Comment thread apps/sim/lib/auth/auth.ts
@TheodoreSpeaks

Collaborator Author

@greptile review

@TheodoreSpeaks TheodoreSpeaks merged commit a49e755 into staging Jun 15, 2026
15 checks passed
@TheodoreSpeaks TheodoreSpeaks deleted the feat/remove-email-login branch June 15, 2026 23:47