A small but overdue piece of housekeeping: you can now sign in with Google. The OAuth flow is wired through accounts.google.com, the callback lands you back at the app on whichever brand you arrived from, and your account is linked to your Google identity for future logins.
What's new
Sign in with Google. Available on the login page from this week. Accounts created via Google login are linked to the Google email; subsequent logins through the same Google account will return you to the same FishDog user.
Thirty-day sessions. Authenticated browser sessions now last thirty days by default (up from a fifteen-minute hard timeout that was, frankly, hostile). Lightweight authenticated polling requests refresh the lifetime, so a session you're actively using doesn't expire mid-task.
Host canonicalisation on the OAuth start. This is housekeeping for the rebrand: requests starting on
fish.dogorfish.dogaliases are redirected onto the exact callback-capable host before the Google redirect is created, so the OAuth state stays on the same host that receives the callback. Previous behaviour bounced users back to/auth/loginafter a successful Google consent step. No more.
What didn't change
Email-and-password login still works. The next parameter on the password login form is preserved through Google sign-in too, so a deep-link login redirects to the right place.
Refinements through April
The Google login flow was refined further in mid-April with additional session-fix work. Both paths are now stable.
---