fix(oauth): correct parameter order for sign_in_identity and sign_up_identity

The database functions expect (remember_me, device_token) but the code
was passing (device_token, remember_me). Fixed the SQL parameter types
and argument order to match the database function signatures.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: theothersideofgod

graphql/server/src/middleware/oauth.ts

@@ -471,7 +471,7 @@ export function createOAuthRoutes(opts: ConstructiveOptions): Router {
 
         const signInSql = `
           SELECT * FROM "${privateSchema}".sign_in_identity(
-            $1::text, $2::text, $3::jsonb, $4::text, 'access_token'::text, $5::text, $6::boolean
+            $1::text, $2::text, $3::jsonb, $4::text, 'access_token'::text, $5::boolean, $6::text
           )
         `;
 
@@ -481,8 +481,8 @@ export function createOAuthRoutes(opts: ConstructiveOptions): Router {
             profile.providerId,
             JSON.stringify(details),
             profile.email,
-            deviceToken,
             true,
+            deviceToken,
           ]);
 
           result = signInResult.rows[0] || {};
@@ -518,7 +518,7 @@ export function createOAuthRoutes(opts: ConstructiveOptions): Router {
           // Call sign_up_identity (using same client with JWT context)
           const signUpSql = `
             SELECT * FROM "${privateSchema}".sign_up_identity(
-              $1::text, $2::text, $3::text, $4::jsonb, 'access_token'::text, $5::text, $6::boolean
+              $1::text, $2::text, $3::text, $4::jsonb, 'access_token'::text, $5::boolean, $6::text
             )
           `;
 
@@ -527,8 +527,8 @@ export function createOAuthRoutes(opts: ConstructiveOptions): Router {
             profile.providerId,
             profile.email,
             JSON.stringify(details),
-            deviceToken,
             true,
+            deviceToken,
           ]);
 
           result = signUpResult.rows[0] || {};