Authentication Routing: OAuth-Only Sign-Up
Authentication Routing: OAuth-Only Sign-Up
Overview
The platform uses OAuth exclusively for member authentication. Password-based registration has been deprecated. This page explains what that means for developers integrating with or extending the platform.
Sign-Up Flow
The /sign-up route exists in the codebase (src/app/sign-up/[[...sign-up]]/page.tsx) but is not an active registration page. It immediately redirects all visitors to /sign-in.
GET /sign-up → 302 redirect → /sign-in
This is intentional. There is no self-serve, password-based sign-up form. New members are onboarded through OAuth providers.
Deprecated Registration Endpoint
The API route POST /api/auth/register returns a 410 Gone response:
POST /api/auth/register
HTTP/1.1 410 Gone
{
"message": "Password registration is deprecated."
}
The 410 Gone status code is the correct HTTP signal here — it communicates that the resource previously existed but has been intentionally and permanently removed, as distinct from a 404 Not Found.
Do not build integrations that call
POST /api/auth/register. The endpoint will always return410and will never create a user.
What Developers Should Do Instead
| Scenario | Recommended Approach |
|---|---|
| Onboarding a new member | Direct them to /sign-in and use an OAuth provider |
| Linking to sign-up in UI | Use /sign-in — the auth page handles both sign-in and OAuth-based account creation |
| Invite-based flows | Not yet implemented; requires a product spec before building |
| Automated test user creation | Use your OAuth provider's test credentials or a seeding script that bypasses the auth route |
Route Folder Presence
The src/app/sign-up/[[...sign-up]]/ folder is retained in the codebase for routing compatibility (e.g. deep-link handling by auth libraries). Its presence does not indicate an active sign-up flow. Developers encountering this folder should refer to this page before assuming it represents a functional registration screen.
Future Changes
If a dedicated sign-up flow is required (e.g. invite-based registration, self-serve trials), the following would be needed before implementation:
- A product spec update explicitly enabling the flow.
- Removal or replacement of the
/sign-upredirect. - A new API handler (or removal of the
410stub) at/api/auth/register.
No such changes are planned at this time.