Fix onboarding shared OAuth provider persistence

[N2D4]

Fixes Google/GitHub/Microsoft shared OAuth providers selected during new-project onboarding not being persisted into the project environment config.

• Reuses the shared-provider list for onboarding OAuth preview and config updates
• Writes environment OAuth config only for onboarding methods that can use shared keys
• Adds a regression test that completes onboarding with Google selected and asserts the provider config update is saved before completion

Validation:

• pnpm test run apps/dashboard/src/app/'(main)'/'(protected)'/'(outside-dashboard)'/new-project/page-client-parts/project-onboarding-wizard.test.tsx
• pnpm lint --fix
• pnpm --filter @stackframe/dashboard typecheck

Note: full pnpm typecheck currently fails in @stackframe/backend because generated Prisma artifacts are missing (@/generated/prisma/client), while dashboard typecheck passes.

Link to Devin session: https://app.devin.ai/sessions/fe87aa598a524ab0822341324c03d90c
Requested by: @N2D4

Summary by CodeRabbit

• Bug Fixes

  • Improved OAuth provider handling during project onboarding so shared authentication methods are reliably persisted.

• Refactor

  • Onboarding now derives shared OAuth options from a consolidated source, streamlining how provider selections are assembled and saved.

• Tests

  • Added tests verifying shared OAuth provider selections are preserved and onboarding completion behavior triggers as expected.

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR that start with 'DevinAI' or '@devin'.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
stack-auth-hosted-components	Ready	Preview, Comment	May 23, 2026 12:50am
stack-auth-mcp	Ready	Preview, Comment	May 23, 2026 12:50am
stack-auth-skills	Ready	Preview, Comment	May 23, 2026 12:50am
stack-backend	Ready	Preview, Comment	May 23, 2026 12:50am
stack-dashboard	Ready	Preview, Comment	May 23, 2026 12:50am
stack-demo	Ready	Preview, Comment	May 23, 2026 12:50am
stack-docs	Ready	Preview, Comment	May 23, 2026 12:50am
stack-preview-backend	Ready	Preview, Comment	May 23, 2026 12:50am
stack-preview-dashboard	Ready	Preview, Comment	May 23, 2026 12:50am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 50e98eae-00d2-4c40-827c-a7632c180610

📥 Commits

Reviewing files that changed from the base of the PR and between 81b580c and 98d48d3.

📒 Files selected for processing (1)

• apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/project-onboarding-wizard.test.tsx

---

📝 Walkthrough

Walkthrough

The PR centralizes shared OAuth provider definitions in SHARED_OAUTH_SIGN_IN_METHODS, updates the onboarding wizard to use it for preview and environment config updates, and expands tests to verify shared-provider persistence and onboarding completion behavior.

Changes

OAuth Shared Provider Configuration

Layer / File(s)	Summary
Shared OAuth provider constant definition apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/shared.ts	SHARED_OAUTH_SIGN_IN_METHODS is introduced by filtering sharedProviders against supported OAuth sign-in methods. OAUTH_SIGN_IN_METHODS typing uses satisfies SignInMethod[].
Onboarding wizard OAuth provider handling apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/project-onboarding-wizard.tsx	Remove unused allProviders, import and apply SHARED_OAUTH_SIGN_IN_METHODS to compute preview oauthProviders, and refactor buildEnvironmentOAuthConfigUpdate to iterate shared providers and set per-provider objects or null.
Test coverage for shared OAuth provider persistence apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/project-onboarding-wizard.test.tsx	Hoist a shared mockUpdateConfig spy, mock both allProviders and sharedProviders, clear mock state in afterEach, and add a test validating persistence of shared OAuth selections and onboarding completion callbacks.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hopped through code with careful paws,
Shared providers gathered, no more flaws,
Preview and config now sing in tune,
Tests clap softly under the moon,
Onboarding finishes — a celebratory boon!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main fix: addressing the persistence issue with shared OAuth providers during onboarding.
Description check	✅ Passed	The description provides clear context about the bug being fixed, explains the changes made (reusing shared-provider list, scoped config updates, regression test), includes validation steps, and references the related issue.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch devin/1779492335-onboarding-google-provider

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR fixes a bug where shared OAuth providers (Google, GitHub, Microsoft) selected during new-project onboarding were not being persisted to the project environment config. It refactors buildEnvironmentOAuthConfigUpdate to iterate over SHARED_OAUTH_SIGN_IN_METHODS (derived dynamically from the sharedProviders list in the OAuth utils) instead of a hardcoded triple, and similarly fixes the authPreviewProject OAuth list to use only providers that actually support shared keys.

• Introduces SHARED_OAUTH_SIGN_IN_METHODS in shared.ts as the intersection of sharedProviders and OAUTH_SIGN_IN_METHODS, making the onboarding wizard data-driven rather than hardcoded.
• Replaces the per-render vi.fn() mock in tests with a stable hoisted mockUpdateConfig so call counts can be tracked across async renders, and adds a regression test that verifies the OAuth environment config update is issued (with the correct isShared: true shape) before the wizard completes.

Confidence Score: 4/5

Safe to merge; the changes are logically consistent and the new regression test validates the complete two-stage updateConfig flow end-to-end.

The refactoring correctly replaces hardcoded provider entries with a dynamic loop over SHARED_OAUTH_SIGN_IN_METHODS, and the new constant is computed accurately as the intersection of sharedProviders and OAUTH_SIGN_IN_METHODS. The regression test uses a stable shared mock so it can actually assert call counts across async renders. No logic changes to finalizeOnboarding itself, and the dev-environment branch (which intentionally omits isShared) is untouched.

No files require special attention; shared.ts is the most load-bearing change and its type predicate correctly narrows the filtered array.

Important Files Changed

Filename	Overview
apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/shared.ts	Adds SHARED_OAUTH_SIGN_IN_METHODS as the runtime intersection of sharedProviders and OAUTH_SIGN_IN_METHODS; correctly excludes "spotify" which is shared but not a SignInMethod.
apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/project-onboarding-wizard.tsx	Replaces hardcoded google/github/microsoft entries in buildEnvironmentOAuthConfigUpdate and authPreviewProject with a dynamic loop over SHARED_OAUTH_SIGN_IN_METHODS; finalizeOnboarding logic is unchanged.
apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/project-onboarding-wizard.test.tsx	Promotes the per-render vi.fn() to a stable hoisted mock so call counts are trackable; adds a regression test that validates the two-stage updateConfig flow (branch config then OAuth env config) before onboarding completes.

Sequence Diagram

sequenceDiagram
    participant User
    participant WelcomeSlide
    participant finalizeOnboarding
    participant updateConfig
    participant setProjectOnboardingStatus

    User->>WelcomeSlide: Click "Get Started"
    WelcomeSlide->>finalizeOnboarding: onFinish()
    finalizeOnboarding->>finalizeOnboarding: persistOnboardingState()
    finalizeOnboarding->>updateConfig: buildBranchConfigUpdate() [pushable: true]
    updateConfig-->>finalizeOnboarding: true
    alt "isDevelopmentEnvironment = false"
        finalizeOnboarding->>updateConfig: "buildEnvironmentOAuthConfigUpdate()<br/>SHARED_OAUTH_SIGN_IN_METHODS loop [pushable: false]"
        updateConfig-->>finalizeOnboarding: true
    end
    finalizeOnboarding->>setProjectOnboardingStatus: "completed"
    finalizeOnboarding->>finalizeOnboarding: clearOnboardingState()
    finalizeOnboarding->>User: onComplete()

Loading

_{Reviews (1): Last reviewed commit: "Fix onboarding shared OAuth provider per..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@apps/dashboard/src/app/`(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/project-onboarding-wizard.test.tsx:
- Around line 292-312: The test currently only awaits mockUpdateConfig inside
waitFor which can allow the completion assertions to race; update the test so
the assertions for mockUpdateConfig (including
expect(mockUpdateConfig).toHaveBeenCalledTimes(2) and
expect(mockUpdateConfig).toHaveBeenNthCalledWith(2, { ... })) and the completion
assertions for setStatus, clearOnboardingState, and onComplete are all placed
inside the same waitFor callback; ensure you reference the existing symbols
mockUpdateConfig, setStatus, clearOnboardingState, and onComplete so the test
synchronizes the full async tail and avoids flakiness.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8c75cc30-8410-4899-8297-ee610708d04c

📥 Commits

Reviewing files that changed from the base of the PR and between 4f6eebd and 81b580c.

📒 Files selected for processing (3)

• apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/project-onboarding-wizard.test.tsx
• apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/project-onboarding-wizard.tsx
• apps/dashboard/src/app/(main)/(protected)/(outside-dashboard)/new-project/page-client-parts/shared.ts