## Summary
Backport of session cookie authentication implementation from main to
rh-test.
## Changes
- Added session cookie management via extension hooks
- Cookie created on login, refreshed on token refresh, deleted on logout
- New extension hooks: `onAuthTokenRefreshed()` and `onAuthUserLogout()`
- DDD-compliant structure with platform layer
(`src/platform/auth/session/`)
## Conflict Resolution
- Resolved import conflict in `firebaseAuthStore.ts` (merged
`onIdTokenChanged` + `sendEmailVerification`)
- Added `onIdTokenChanged` mock to tests
┆Issue is synchronized with this [Notion
page](https://www.notion.so/PR-6299-backport-rh-test-Add-session-cookie-auth-2986d73d365081238507f99ae789d44b)
by [Unito](https://www.unito.io)
## Summary
Some users were authenticating successfully but their email addresses
weren't being extracted from the Firebase token. This happened because
we weren't explicitly requesting the email scope during OAuth
authentication.
While Firebase's default configuration includes basic profile info, it
doesn't guarantee email access for all account types - particularly
Google Workspace accounts with restrictive policies or users with
privacy-conscious settings.
[Github
Scopes](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps)
## Changes
Adding email scope for Google + Github social OAuth.
## Review Focus
N/A
## Screenshots (if applicable)
┆Issue is synchronized with this [Notion
page](https://www.notion.so/PR-5638-Explicitly-add-email-scope-for-social-auth-login-2726d73d3650817ab356fc9c04f8641b)
by [Unito](https://www.unito.io)
---------
Co-authored-by: Alexander Brown <drjkl@comfy.org>
* [fix] gracefully handle Firebase auth failure
* [test] Add failing tests to reproduce Firebase Auth network issue #4468
Add test cases that demonstrate the current problematic behavior where
Firebase Auth makes network requests when offline without graceful error
handling, causing toast error messages and degraded offline experience.
Tests reproduce:
- getIdToken() throwing auth/network-request-failed instead of returning null
- getAuthHeader() failing to fallback gracefully when Firebase token refresh fails
These tests currently pass by expecting the error to be thrown. After
implementing the fix, the tests should be updated to verify graceful
handling (returning null instead of throwing).
Related to issue #4468: Firebase Auth makes network requests when offline
without evicting token
🤖 Generated with Claude Code
Co-Authored-By: Claude <noreply@anthropic.com>
* [test] update firebaseAuthStore tests
They match the behavior of the implemented solution now
* [test] add firebaseAuthStore.getTokenId test for non-network errors
* [chore] code review feedback
* [test] use FirebaseError
Co-authored-by: Alexander Brown <drjkl@comfy.org>
* [fix] remove indentation and fix test
---------
Co-authored-by: snomiao <snomiao@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Alexander Brown <drjkl@comfy.org>
