Changelog
feat: SSO identity linking, passkeys, Stripe KYC, super_admin bootstrap
April 17, 2026Branch feat/sso-linking-kyc-passkeysPR #2822 min readAI Generated
feat: SSO identity linking, passkeys, Stripe KYC, super_admin bootstrap
Automated summary for branch feat/sso-linking-kyc-passkeys. This post is generated on push; commit it with your changes.
Commits
- 7703dedb feat(auth): GIS onboarding role selection for new users
- 36e72ad1 chore(webapp): biome fixes and sync PR blog post
- 1fbf35d7 feat(auth): Google Identity Services popup login
- 782b3b2b fix(docs): correct production domain to agentic-dds.com throughout
- df869197 chore(webapp): sync PR blog post
- 5477eb1a feat: SSO identity linking, passkeys, Stripe KYC, super_admin bootstrap
Files changed
Cargo.lock | 288 ++++++++-
Cargo.toml | 3 +
bun.lock | 6 +
docs/adr/003-stripe-identity.md | 102 +++
docs/deployment/custom-domain-forwarding.md | 18 +-
docs/runbooks/grant-super-admin.md | 60 ++
docs/runbooks/production-setup.md | 216 +++++++
infra/azure-bicep/modules/budget.bicep | 4 +-
scripts/cancel-saas.sh | 93 +++
scripts/db/seed_bootstrap_super_admin.sql | 19 +
services/rust-api/Cargo.toml | 9 +
services/rust-api/migrations/023_identities.sql | 29 +
.../migrations/024_identities_backfill.sql | 23 +
.../rust-api/migrations/025_merge_proposals.sql | 21 +
.../migrations/026_passkey_credentials.sql | 26 +
.../rust-api/migrations/027_id_verifications.sql | 29 +
.../migrations/028_bootstrap_super_admin.sql | 27 +
services/rust-api/src/api/mod.rs | 28 +
services/rust-api/src/api/v1/auth.rs | 264 +++++++-
services/rust-api/src/api/v1/identity.rs | 627 ++++++++++++++++++
services/rust-api/src/api/v1/mod.rs | 2 +
services/rust-api/src/api/v1/webhooks.rs | 223 +++++++
services/rust-api/src/config.rs | 69 +-
services/rust-api/src/lib.rs | 14 +
services/rust-api/src/main.rs | 15 +-
services/rust-api/src/repositories/mod.rs | 9 +-
services/rust-api/src/repositories/postgres.rs | 706 +++++++++++++++++++++
services/rust-api/tests/identity_resolver_test.rs | 269 ++++++++
.../feat-sso-linking-kyc-passkeys/manifest.json | 14 +
.../feat-sso-linking-kyc-passkeys/versions/ai.md | 76 +++
webapp/e2e/helpers/stripe-identity-webhook.ts | 134 ++++
webapp/e2e/helpers/virtual-authenticator.ts | 75 +++
webapp/e2e/identity-linking.spec.ts | 204 ++++++
webapp/package.json | 2 +
.../app/(authenticated)/account/security/page.tsx | 32 +
.../account/security/security-client.tsx | 289 +++++++++
.../verify-identity/identity-verification-flow.tsx | 141 ++++
.../account/verify-identity/page.tsx | 23 +
.../src/app/(signup)/auth/login/google-one-tap.tsx | 17 -
webapp/src/app/(signup)/auth/login/page.tsx | 10 -
.../app/(signup)/auth/oauth-provider-buttons.tsx | 55 +-
webapp/src/app/(signup)/auth/onboarding/page.tsx | 172 +++++
webapp/src/app/api/auth/google/credential/route.ts | 51 ++
webapp/src/app/api/auth/me/role/route.ts | 35 +
.../identity/identities/merge/[id]/accept/route.ts | 11 +
.../identities/merge/[id]/dismiss/route.ts | 11 +
.../src/app/api/identity/link/[provider]/route.ts | 39 ++
.../api/identity/passkey/login/options/route.ts | 14 +
.../app/api/identity/passkey/login/verify/route.ts | 26 +
.../api/identity/passkey/register/options/route.ts | 13 +
.../api/identity/passkey/register/verify/route.ts | 12 +
webapp/src/app/api/identity/passkeys/[id]/route.ts | 11 +
webapp/src/app/api/identity/verification/route.ts | 17 +
.../src/components/auth/google-sign-in-button.tsx | 138 ++++
webapp/src/components/identity/passkey-enroll.tsx | 97 +++
.../components/identity/passkey-login-button.tsx | 68 ++
webapp/src/lib/auth-from-request.ts | 17 +-
webapp/src/server/auth/user.ts | 4 +-
58 files changed, 4911 insertions(+), 96 deletions(-)
How this works
This file is produced by webapp/tools/sync-pr-blog-post.ts. Add a versions/human.md file in the same folder to publish a human-written alternative; the site will show tabs for AI Draft and Human when both exist.