Google OAuth boundary

Auth shell, built for tenant boundaries.

Login is anchored on auth.taxipartner.at. The shell now routes Google sign-in through a real callback, issues a signed session cookie, and keeps the tenant boundary fail-closed.

Open login Sign out

Auth state

Not signed in

Waiting for Google OAuth

Active tenant

No active tenant yet

Allowlist

taxipartner.at

Callback

/api/auth/callback/google

Session scope

Signed cookie, 30-day TTL