huskies: merge 724_story_per_account_oauth_credential_storage_with_login_pool

server/src/service/oauth/mod.rs

@@ -11,7 +11,7 @@ pub mod flow;
 pub(super) mod io;
 pub mod pkce;
 
-pub use flow::FlowStatus;
+pub use flow::AccountInfo;
 
 use flow::PendingFlow;
 use std::collections::HashMap;
@@ -154,18 +154,26 @@ pub async fn exchange_code(state: &OAuthState, code: &str, csrf_state: &str) ->
         io::exchange_code_for_tokens(code, &flow.redirect_uri, &flow.code_verifier, csrf_state)
             .await?;
     let now_ms = io::current_time_ms();
-    io::save_credentials(&token, now_ms)?;
+
+    // Attempt to resolve the email for this account; silently fall back to an
+    // empty string so that credential storage always succeeds.
+    let email = io::fetch_user_email(&token.access_token)
+        .await
+        .unwrap_or_default();
+
+    io::save_credentials(&token, now_ms, &email)?;
 
     crate::slog!("[oauth] Successfully authenticated and saved credentials");
     Ok(())
 }
 
-/// Return the current OAuth credential status without performing any I/O beyond
-/// reading the credentials file.
+/// Return status information for every account in the login pool.
 ///
-/// Returns an unauthenticated [`FlowStatus`] when no credentials file exists.
-pub fn check_status() -> FlowStatus {
-    io::load_status()
+/// If no pool exists yet, falls back to the legacy single-account credentials
+/// file so that existing deployments continue to work. Returns an empty `Vec`
+/// when neither the pool nor the legacy file is present.
+pub fn check_all_accounts() -> Vec<AccountInfo> {
+    io::load_all_accounts()
 }
 
 // ── Tests ─────────────────────────────────────────────────────────────────────