Identity
Google and Facebook sign-in reduce password friction for guests and portal users.
Guests link Google or Facebook identities instead of memorizing another password.
Portal users map OAuth subjects to tenant roles without duplicate email accounts.
Enterprise SSO hooks extend the same flow for SAML tenants under custom contracts.
Users consent on the provider; callbacks land on verified redirect URIs only.
Server exchanges codes for profiles and links or creates local user rows.
HTTP-only cookies issue JWT sessions compatible with MFA upgrades.
Checkout login completes faster on mobile after long flights.
Support tickets for forgotten passwords drop among OAuth-linked guests.
Same session layer accepts SAML assertions for corporate tenants.
State parameters and PKCE protect authorization flows on public clients.
Provider tokens never reach browsers — only server-side session cookies issue.
NestJS auth module registers Google and Facebook apps with per-environment client IDs.
Admin consoles revoke linked identities when staff depart partner organizations.
Returning guests tap Google to access saved passengers instantly.
Agency employees use corporate Google Workspace for portal access.
Newsletter CTAs offer OAuth to create lightweight accounts.
