Login people already have: OAuth, SSO, and outbound webhooks
Adding social login and SSO so nobody makes another password, project webhooks for outbound events, and GDPR-style data export — all in one day.
Yesterday was the first commit. Today was about meeting people where they already are — and letting data flow both directions.
Don't make me make another password
Nobody wants a new password for a dev tool. So today I wired up OAuth and SSO: Google, GitHub, and Microsoft flows via Socialite, plus the scaffolding for SAML/OIDC enterprise connections.
The fiddly part isn't the happy path — it's the edges. What happens when someone signs in with GitHub using the same email they registered with manually? When an SSO connection is org-scoped and you need to route the callback back to the right organization? I'd rather solve those now, while there are zero users, than during an incident later.
Webhooks: letting events leave
An observability tool that only receives data is a roach motel. So I added project webhooks — when an error fires, we can POST it to your endpoint with an HMAC signature and retry-with-backoff delivery. That's the seam that lets people pipe events into Slack, a homegrown dashboard, or whatever weird internal tool they love.
(Note for later me: this is outbound issue webhooks, distinct from the alert-channel system I'll build in June. Don't confuse the two.)
Data export, because it's the right thing
I also shipped GDPR-style data export — a user can download their data, and an org admin can export the org's. Building this early is a forcing function: it makes me think about what data I'm actually storing and why, before there's a mountain of it.
Three features, one day. The theme: an observability platform is a hub, not a silo. Auth lets the right people in; webhooks and export let data move freely.
Next up, the unglamorous but load-bearing work — making the build pipeline trustworthy.