Automated tests do not contact GitHub. Complete this checklist with an authorized GitHub OAuth App before release.
- Set
BETTER_AUTH_URLto the exact application origin. - Configure
${BETTER_AUTH_URL}/api/auth/callback/githubas the OAuth callback. - Set a unique
BETTER_AUTH_SECRETwith at least 32 characters. - Configure
GITHUB_CLIENT_IDandGITHUB_CLIENT_SECRET. - Start with a new database containing the v3 baseline migration.
- Open
/loginwhile signed out and verify GitHub is the only sign-in method. - Complete GitHub authorization and verify the browser returns to
/workspace. - Verify one
User, one GitHubAccount, and one activeSessionwere created. - Sign out and verify
/workspaceredirects to/login. - Sign in with the same GitHub account and verify the existing User and Account are reused while a new Session is created.
- Open
/workspacein a new request and verify the database session persists. - Revoke the session in the database and verify the next protected request is rejected.
- Trigger an OAuth denial or invalid callback and verify the browser returns to
/login?error=oauthwithout exposing provider details.
Never include OAuth tokens, session tokens, or kubeconfig content in verification notes.