> Custom OAuth implementation with user registration/login
Please don't. At 2 minute glance you are allowing empty state (csrf) and bearer tokens in query string[0], not checking if token is expired or not[1], storing secrets in plain text / not salting[2], missing PKCE Validation, debug mode always on, redirect URL only checking if includes (127.0.0.1.evil.com works)[3] so much...
Please, please, please don't recommend this for any production usage.
I've been about it as "throwaway software." Why bother searching for someone else's mediocre LLM generated software when I can just as easily (and hopefully as cheaply) generate the same thing, but it just works for me
Kindle has been doing this for years and has really made me a loyal customer to them. Always surprised the penny pinchers at Amazon haven't killed it yet.