objectstack-ai
diff --git a/‎apps/server/objectstack.config.ts‎
Lines changed: 61 additions & 0 deletions b/‎apps/server/objectstack.config.ts‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎apps/server/server/bootstrap.ts‎
Lines changed: 6 additions & 3 deletions b/‎apps/server/server/bootstrap.ts‎
Lines changed: 6 additions & 3 deletions
diff --git a/‎apps/studio/src/components/auth/social-sign-in-buttons.tsx‎
Lines changed: 73 additions & 0 deletions b/‎apps/studio/src/components/auth/social-sign-in-buttons.tsx‎
Lines changed: 73 additions & 0 deletions
diff --git a/‎apps/studio/src/routes/__root.tsx‎
Lines changed: 1 addition & 1 deletion b/‎apps/studio/src/routes/__root.tsx‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎apps/studio/src/routes/login.tsx‎
Lines changed: 71 additions & 45 deletions b/‎apps/studio/src/routes/login.tsx‎
Lines changed: 71 additions & 45 deletions
@@ -27,6 +27,7 @@ import { MetadataPlugin } from '@objectstack/metadata';
 import { AIServicePlugin } from '@objectstack/service-ai';
 import { AutomationServicePlugin } from '@objectstack/service-automation';
 import { AnalyticsServicePlugin } from '@objectstack/service-analytics';
+import type { SocialProviderConfig, OidcProvidersConfig } from '@objectstack/spec/system';
 import { fileURLToPath } from 'node:url';
 import { dirname, resolve } from 'node:path';
 
@@ -38,6 +39,64 @@ const baseUrl = process.env.NEXT_PUBLIC_BASE_URL
     ? `https://${process.env.VERCEL_URL}` : undefined)
   ?? 'http://localhost:3000';
 
+function buildSocialProviders(): SocialProviderConfig | undefined {
+  const providers: SocialProviderConfig = {};
+  if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
+    providers.google = {
+      clientId: process.env.GOOGLE_CLIENT_ID,
+      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
+      ...(process.env.GOOGLE_OAUTH_SCOPES
+        ? { scope: process.env.GOOGLE_OAUTH_SCOPES.split(',').map((s) => s.trim()) }
+        : {}),
+    };
+  }
+  if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
+    providers.github = {
+      clientId: process.env.GITHUB_CLIENT_ID,
+      clientSecret: process.env.GITHUB_CLIENT_SECRET,
+    };
+  }
+  if (process.env.MICROSOFT_CLIENT_ID && process.env.MICROSOFT_CLIENT_SECRET) {
+    providers.microsoft = {
+      clientId: process.env.MICROSOFT_CLIENT_ID,
+      clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
+      ...(process.env.MICROSOFT_TENANT_ID
+        ? { tenantId: process.env.MICROSOFT_TENANT_ID }
+        : {}),
+    };
+  }
+  if (process.env.APPLE_CLIENT_ID && process.env.APPLE_CLIENT_SECRET) {
+    providers.apple = {
+      clientId: process.env.APPLE_CLIENT_ID,
+      clientSecret: process.env.APPLE_CLIENT_SECRET,
+    };
+  }
+  const keys = Object.keys(providers);
+  if (keys.length > 0) {
+    console.info(`[auth] enabled social providers: ${keys.join(', ')}`);
+    return providers;
+  }
+  return undefined;
+}
+
+function buildOidcProviders(): OidcProvidersConfig | undefined {
+  const raw = process.env.OIDC_PROVIDERS;
+  if (!raw) return undefined;
+  try {
+    const parsed = JSON.parse(raw) as OidcProvidersConfig;
+    if (Array.isArray(parsed) && parsed.length > 0) {
+      console.info(`[auth] enabled OIDC providers: ${parsed.map(p => p.providerId).join(', ')}`);
+      return parsed;
+    }
+  } catch {
+    console.warn('[auth] Failed to parse OIDC_PROVIDERS env var — expected a JSON array');
+  }
+  return undefined;
+}
+
+const socialProviders = buildSocialProviders();
+const oidcProviders = buildOidcProviders();
+
 // Turso driver for sys namespace — remote when env vars are configured, local SQLite otherwise
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const tursoDriver = new TursoDriver(
@@ -93,6 +152,8 @@ export default defineStack({
       secret: process.env.AUTH_SECRET ?? 'dev-secret-please-change-in-production-min-32-chars',
       baseUrl,
       plugins: { organization: true },
+      ...(socialProviders ? { socialProviders } : {}),
+      ...(oidcProviders ? { oidcProviders } : {}),
     }),
     new SecurityPlugin(),
     new AuditPlugin(),
 
@@ -91,9 +91,12 @@ async function bootstrapSingle(): Promise<BootstrapResult> {
     // apps/plugins it references. A schema drift in one of the examples
     // shouldn't crash multi-project boots (or the E2E test harness) when
     // they don't need those bundles at all.
-    const dyn = (spec: string) =>
-        (new Function('s', 'return import(s)') as (s: string) => Promise<any>)(spec);
-    const stackConfig = (await dyn('../objectstack.config.ts')).default;
+    //
+    // Use a proper dynamic import (not Function constructor) so esbuild can
+    // bundle the config into the Vercel handler. The Function constructor
+    // bypasses static analysis and prevents bundling, causing runtime errors
+    // when the source .ts file isn't deployed.
+    const stackConfig = (await import('../objectstack.config.js')).default;
 
     if (!stackConfig.plugins || stackConfig.plugins.length === 0) {
         throw new Error('[Bootstrap] No plugins found in stackConfig');
 
@@ -0,0 +1,73 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { useEffect, useState } from 'react';
+import { useClient } from '@objectstack/client-react';
+import { Button } from '@/components/ui/button';
+
+interface SocialProvider {
+  id: string;
+  name: string;
+  enabled: boolean;
+  type?: 'social' | 'oidc';
+}
+
+interface Props {
+  mode: 'sign-in' | 'sign-up';
+}
+
+export function SocialSignInButtons({ mode }: Props) {
+  const client = useClient() as any;
+  const [providers, setProviders] = useState<SocialProvider[]>([]);
+  const [loading, setLoading] = useState(true);
+
+  useEffect(() => {
+    if (!client?.auth?.getConfig) return;
+    client.auth.getConfig()
+      .then((res: any) => {
+        const list: SocialProvider[] = res?.socialProviders ?? res?.data?.socialProviders ?? [];
+        setProviders(list.filter((p) => p.enabled));
+      })
+      .catch((err: unknown) => {
+        console.warn('[SocialSignInButtons] failed to load auth config', err);
+      })
+      .finally(() => setLoading(false));
+  }, [client]);
+
+  if (loading || providers.length === 0) return null;
+
+  const label = mode === 'sign-in' ? 'Continue with' : 'Sign up with';
+
+  return (
+    <div className="flex flex-col gap-2">
+      {providers.map((p) => (
+        <Button
+          key={p.id}
+          type="button"
+          variant="outline"
+          className="w-full"
+          onClick={() =>
+            client.auth.signInWithProvider(p.id, {
+              callbackURL: window.location.origin + import.meta.env.BASE_URL + 'login',
+              errorCallbackURL: window.location.origin + import.meta.env.BASE_URL + 'login',
+              type: p.type ?? 'social',
+            })
+          }
+        >
+          {/* TODO: replace with provider icon from lucide-react or simple-icons */}
+          <span className="mr-2 flex h-4 w-4 items-center justify-center rounded-sm bg-muted text-[10px] font-bold uppercase">
+            {p.id[0]}
+          </span>
+          {label} {p.name}
+        </Button>
+      ))}
+      <div className="relative my-1">
+        <div className="absolute inset-0 flex items-center">
+          <span className="w-full border-t" />
+        </div>
+        <div className="relative flex justify-center text-xs uppercase">
+          <span className="bg-card px-2 text-muted-foreground">or continue with email</span>
+        </div>
+      </div>
+    </div>
+  );
+}
@@ -15,7 +15,7 @@ import { useObjectStackClient } from '../hooks/useObjectStackClient';
 import { SessionProvider, useSession } from '../hooks/useSession';
 
 /** Routes that don't require authentication. */
-const PUBLIC_ROUTES = new Set(['/login', '/register']);
+const PUBLIC_ROUTES = new Set(['/login', '/register', '/forgot-password']);
 
 /**
  * Routes where an environment selection is NOT required.
 
@@ -4,12 +4,14 @@ import { createFileRoute, Link, useNavigate } from '@tanstack/react-router';
 import { useEffect, useState } from 'react';
 import { useClient } from '@objectstack/client-react';
 import { Button } from '@/components/ui/button';
-import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from '@/components/ui/card';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@/components/ui/card';
 import { Input } from '@/components/ui/input';
 import { Label } from '@/components/ui/label';
 import { toast } from '@/hooks/use-toast';
 import { useSession } from '@/hooks/useSession';
 import { useProjects } from '@/hooks/useProjects';
+import { SocialSignInButtons } from '@/components/auth/social-sign-in-buttons';
+import { GalleryVerticalEnd } from 'lucide-react';
 
 export const Route = createFileRoute('/login')({
   component: LoginPage,
@@ -68,50 +70,74 @@ function LoginPage() {
   };
 
   return (
-    <div className="flex flex-1 items-center justify-center bg-background px-4">
-      <Card className="w-full max-w-sm">
-        <CardHeader>
-          <CardTitle>Sign in</CardTitle>
-          <CardDescription>Access your ObjectStack Studio workspace.</CardDescription>
-        </CardHeader>
-        <form onSubmit={handleSubmit}>
-          <CardContent className="space-y-4">
-            <div className="space-y-1.5">
-              <Label htmlFor="email">Email</Label>
-              <Input
-                id="email"
-                type="email"
-                autoComplete="email"
-                required
-                value={email}
-                onChange={(e) => setEmail(e.target.value)}
-              />
-            </div>
-            <div className="space-y-1.5">
-              <Label htmlFor="password">Password</Label>
-              <Input
-                id="password"
-                type="password"
-                autoComplete="current-password"
-                required
-                value={password}
-                onChange={(e) => setPassword(e.target.value)}
-              />
-            </div>
-          </CardContent>
-          <CardFooter className="flex flex-col gap-3">
-            <Button type="submit" className="w-full" disabled={submitting}>
-              {submitting ? 'Signing in…' : 'Sign in'}
-            </Button>
-            <p className="text-xs text-muted-foreground">
-              No account?{' '}
-              <Link to="/register" className="text-primary hover:underline">
-                Create one
-              </Link>
-            </p>
-          </CardFooter>
-        </form>
-      </Card>
+    <div className="flex min-h-svh w-full flex-col items-center justify-center gap-6 bg-muted p-6 md:p-10">
+      <div className="flex w-full max-w-sm flex-col gap-6">
+        <a href="#" className="flex items-center gap-2 self-center font-medium">
+          <div className="flex size-6 items-center justify-center rounded-md bg-primary text-primary-foreground">
+            <GalleryVerticalEnd className="size-4" />
+          </div>
+          ObjectStack
+        </a>
+        <div className="flex flex-col gap-6">
+          <Card>
+            <CardHeader className="text-center">
+              <CardTitle className="text-xl">Welcome back</CardTitle>
+              <CardDescription>Access your ObjectStack Studio workspace.</CardDescription>
+            </CardHeader>
+            <CardContent>
+              <form onSubmit={handleSubmit}>
+                <div className="flex flex-col gap-4">
+                  <SocialSignInButtons mode="sign-in" />
+                  <div className="flex flex-col gap-2">
+                    <Label htmlFor="email">Email</Label>
+                    <Input
+                      id="email"
+                      type="email"
+                      placeholder="m@example.com"
+                      autoComplete="email"
+                      required
+                      value={email}
+                      onChange={(e) => setEmail(e.target.value)}
+                    />
+                  </div>
+                  <div className="flex flex-col gap-2">
+                    <div className="flex items-center">
+                      <Label htmlFor="password">Password</Label>
+                      <Link
+                        to="/forgot-password"
+                        className="ml-auto text-sm underline-offset-4 hover:underline"
+                      >
+                        Forgot your password?
+                      </Link>
+                    </div>
+                    <Input
+                      id="password"
+                      type="password"
+                      autoComplete="current-password"
+                      required
+                      value={password}
+                      onChange={(e) => setPassword(e.target.value)}
+                    />
+                  </div>
+                  <Button type="submit" className="w-full" disabled={submitting}>
+                    {submitting ? 'Signing in…' : 'Login'}
+                  </Button>
+                  <p className="text-center text-sm text-muted-foreground">
+                    Don&apos;t have an account?{' '}
+                    <Link to="/register" className="underline underline-offset-4 hover:text-primary">
+                      Sign up
+                    </Link>
+                  </p>
+                </div>
+              </form>
+            </CardContent>
+          </Card>
+          <p className="px-6 text-center text-xs text-muted-foreground [&_a]:underline [&_a]:underline-offset-4 [&_a]:hover:text-primary">
+            By clicking continue, you agree to our{' '}
+            <a href="#">Terms of Service</a> and <a href="#">Privacy Policy</a>.
+          </p>
+        </div>
+      </div>
     </div>
   );
 }