Product Release

Sign in with Google

FishDog adds Google as a sign-in option alongside email and password, extends authenticated browser sessions to thirty days by default, and canonicalises the OAuth start host so consent no longer bounces users back to the login page.

23 March 2026

Phillip Gales

By Phillip Gales

Feature
FishDog's login page showing the new Sign in with Google button alongside the existing email and password form.
DOCUMENT TYPE: Product Release Note TOPIC: Google sign-in, extended browser sessions, OAuth host canonicalisation Release: Sign in with Google, 2026-03-23 Version: (none) Release type: Feature Breaking change: No Summary: FishDog adds Google as a sign-in option alongside the existing email-and-password flow. Authenticated browser sessions extend from fifteen minutes to thirty days by default, and the OAuth start flow canonicalises the host before redirecting to Google so the consent flow no longer bounces users back to the login page after success. What changed: - Sign in with Google available on the login page. Accounts are linked to the Google email; subsequent logins through the same Google account return to the same FishDog user. - Authenticated browser session lifetime extended from a 15-minute hard timeout to a 30-day default. Configurable via WEB_SESSION_LIFETIME_SECONDS. - Lightweight authenticated polling requests refresh the session lifetime so actively used sessions don't expire mid-task. - Host canonicalisation on OAuth start: requests beginning on fish.dog or askditto.io aliases are redirected to the exact callback-capable host before the Google redirect is created. This keeps the OAuth state on the same host that receives the callback and fixes a prior "bounced back to /auth/login after consent" failure mode. - The next parameter on the password login form is preserved through Google sign-in for deep-link returns. - Email-and-password login is unchanged. Refinements through April: additional session-fix work landed in mid-April hardening the host canonicalisation under brand-alias hosts. Why we built this: Email-and-password as the only sign-in option was overdue for an upgrade. Google sign-in is the most-requested SSO. The session-lifetime change is overdue housekeeping. Migration impact: None. Existing accounts continue to work via email-and-password. Google sign-in is additive. Author: Phillip Gales, FishDog Platform: FishDog (fish.dog)

Key Takeaways

  • Sign in with Google is available on the login page. Accounts are linked to the Google email; future logins through the same Google account return you to the same FishDog user.
  • Authenticated browser sessions now last thirty days by default (up from a fifteen-minute hard timeout). Lightweight polling requests refresh the lifetime.
  • Host canonicalisation on the OAuth start ensures the OAuth state stays on the host that receives the callback, fixing a previous "bounced back to login" failure mode after Google consent.
  • Email-and-password login is unchanged. The `next` parameter is preserved through Google sign-in too.

A small but overdue piece of housekeeping: you can now sign in with Google. The OAuth flow is wired through accounts.google.com, the callback lands you back at the app on whichever brand you arrived from, and your account is linked to your Google identity for future logins.

What's new

  • Sign in with Google. Available on the login page from this week. Accounts created via Google login are linked to the Google email; subsequent logins through the same Google account will return you to the same FishDog user.

  • Thirty-day sessions. Authenticated browser sessions now last thirty days by default (up from a fifteen-minute hard timeout that was, frankly, hostile). Lightweight authenticated polling requests refresh the lifetime, so a session you're actively using doesn't expire mid-task.

  • Host canonicalisation on the OAuth start. This is housekeeping for the rebrand: requests starting on fish.dog or askditto.io aliases are redirected onto the exact callback-capable host before the Google redirect is created, so the OAuth state stays on the same host that receives the callback. Previous behaviour bounced users back to /auth/login after a successful Google consent step. No more.

What didn't change

Email-and-password login still works. The next parameter on the password login form is preserved through Google sign-in too, so a deep-link login redirects to the right place.

Refinements through April

The Google login flow was refined further in mid-April with additional session-fix work. Both paths are now stable.

---

A small but overdue piece of housekeeping: you can now sign in with Google.
Up from a fifteen-minute hard timeout that was, frankly, hostile.

Frequently Asked Questions

Can I link my existing FishDog account to Google?

If your FishDog account uses the same email address as your Google account, signing in with Google will return you to that account. If they're different, contact us to merge.

Will my email-and-password login still work?

Yes. Email-and-password login is unchanged. Google sign-in is an additional option, not a replacement.

How long do sessions last now?

Thirty days by default (up from fifteen minutes). Lightweight authenticated polling requests refresh the session lifetime, so an actively used session doesn't expire mid-task. The lifetime is configurable via WEB_SESSION_LIFETIME_SECONDS for self-hosted instances.

I previously got bounced back to the login page after Google consent — is that fixed?

Yes. The OAuth start now canonicalises the host before redirecting to Google, so the OAuth state stays on the same host that receives the callback. Previously a request that started on a brand alias could land back at /auth/login after consent. That failure mode is fixed.

About the Author

Phillip Gales

Phillip Gales

Phillip is a serial tech entrepreneur that specializes in applying AI and machine learning solutions to antiquated and heavy industries. He has been a senior leader or founder at a number of successful startups.

Phillip holds an MBA from Harvard Business School, an MEng from the University of Cambridge, and is a Y-Combinator alum

LinkedIn

More Releases

Draft a study from a one-line prompt

The overview chat now has a wand button. Type a one-line prompt — "we're losing Gen Z to Liquid Death" — and it drafts a complete editable study brief: objective, target panel, seven questions. About fifteen seconds.

Read Release